[qubes-users] Fedora Process didn't actually upgrade the Fedora version

2021-05-08 Thread Patrick
Hi, I am trying to upgrade Fedora 30 to Fedora 33. I followed instructions 
here: https://www.qubes-os.org/doc/template/fedora/upgrade/

The actual upgrade command shown there is:
sudo dnf --releasever= distro-sync --best --allowerasing

In my case (in the VM Template to be upgraded):
sudo dnf --releasever=33 distro-sync -best -allowerasing

It does a major upgrade, 1200 or so instructions, and is successful. 
However, when I check the version it is still Fedora version 30. 

Any help there?

Thanks,
Patrick
Dallas

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/75bb35cd-f556-4ed9-a084-034d147ac037n%40googlegroups.com.


[qubes-users] Qubes - SSH (soon VNC) into Qubes dom0 - Testers Wanted!

2021-03-27 Thread 'Patrick Schleizer' via qubes-users
Encrypted, authenticated SSH or VNC into Qubes dom0 over an
authenticated Tor onion v3 service.

Only available in Qubes R4.1 and above.

User documentation:
 
https://www.whonix.org/wiki/Remote_Administration#Qubes_-_SSH_or_VNC_into_Qubes_dom0

Source code:
 https://github.com/QubesOS/qubes-remote-support

Development notes:
 https://www.whonix.org/wiki/Dev/Qubes_Remote_Support

Qubes ticket:
 https://github.com/QubesOS/qubes-issues/issues/6364

Qubes repository upload status:
 https://github.com/QubesOS/updates-status/issues/2353

x2go (VNC) support broken until upstream fix for issue flows to Qubes
R4.1 dom0:
 https://github.com/QubesOS/updates-status/issues/2353

Forum discussion:
https://forums.whonix.org/t/qubes-ssh-soon-vnc-into-qubes-dom0-testers-wanted/11330

Credits:
This has been a shared project among Qubes and Whonix project.

- conceptual planning: Patrick Schleizer, Whonix, Marek
Marczykowski-Górecki, Qubes OS, Insurgo
- command line backend utilities, Whonix integration: Patrick Schleizer,
Whonix
- graphical user interface (GUI), Qubes Remote Support GUI: Marta
Marczykowska-Górecka (Qubes OS)

Gratitude is expressed to NLnet for funding this functionality as part
of accessible security project!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/176bd8b8-ade0-3a60-1b12-f168719293a1%40whonix.org.


Re: [qubes-users] Whonix uwtwrapper Error using SSH / torsocks

2021-03-26 Thread 'Patrick Schleizer' via qubes-users
'qubebe' via qubes-users:
> Hi,
> 
> I am new to QubesOS, and now wanted to just ssh into my server.
> But if I want to ssh I get the following error message, I didn't changed 
> anything at the standard config (Whonix-ws-15):
> 
> user@host:~$ ssh
> uwtwrapper uwt wrapper ERROR: /usr/bin/ssh.anondist-orig does not exist.
> 
> Could you please help me?
> 


Install ssh.

sudo apt update

sudo apt install openssh-client

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d2bf5fe-cbd7-5012-bf8f-5a8ac7d6554d%40whonix.org.


Re: [qubes-users] Whonix: configure Torbrowser for use in DispVM

2020-03-19 Thread Patrick Schleizer
Sven Semmler:
> I think torbrowser is a whonix-specific script that somehow detects that
> it's running in a dispvm and then nukes the profile and replaces it with
> a default. Is that true?


No.

https://www.whonix.org/wiki/Qubes/DisposableVM

> I want only the
> default search engine to change and the security to be 'safest' (no
> scripts at all)
> 
> What's the best way to do this?


https://www.whonix.org/wiki/Qubes/DisposableVM#Tor_Browser_in_DVM_Template

https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#DVM_Template_Customization

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1d120dc-0894-f774-277c-dc85618ed9ea%40whonix.org.


Re: [qubes-users] Forgot to RTFM and now getting errors in whonix during update?

2020-03-16 Thread Patrick Schleizer
Note:

Bisq package is at that time neither available from packages.debian.org
nor deb.whonix.org. It's a third party package.

Same would happen in Debian. Therefore this isn't a Whonix related issue
either.

Whonix only happens to provide instructions on how to install Bisq
despite some issues which are neither caused by Whonix nor Qubes.

Stumpy:
> I had tried to install bisq on my whonix ws template and for "some
> reason" (which i later found out when i did read the whonix docs) it
> wasnt working.


Please follow the documentation.

> Setting up bisq (1.2.7) ...
> Adding shortcut to the menu
> xdg-desktop-menu: No writable system menu directory found.
> dpkg: error processing package bisq (--configure):
>  installed bisq package post-installation script subprocess returned
> error exit status 3
> Errors were encountered while processing:
>  bisq
> E: Sub-process /usr/bin/dpkg returned an error code (1)


As per documentation.

https://www.whonix.org/wiki/Bisq#xdg-desktop-menu_bug_workaround

sudo mkdir -p /usr/share/desktop-directories

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9beabd65-62ad-b2e9-b236-4fb92e9bbb93%40whonix.org.


Re: [qubes-users] Forgot to RTFM and now getting errors in whonix during update? (and deb template "qubes-core-agent-passwordless-root" error)

2020-03-16 Thread Patrick Schleizer
Issue:

>>> Setting up bisq (1.2.7) ...
>>> Adding shortcut to the menu
>>> xdg-desktop-menu: No writable system menu directory found.
>>> dpkg: error processing package bisq (--configure):
>>>   installed bisq package post-installation script subprocess returned
>>> error exit status 3
>>> Errors were encountered while processing:
>>>   bisq
>>> E: Sub-process /usr/bin/dpkg returned an error code (1)


Totally different issue:

>> Removing qubes-core-agent-passwordless-root (4.0.51-1+deb10u1) ...
>> Removing user user from group sudo
>> gpasswd: user 'user' is not a member of 'sudo'
>> dpkg: error processing package qubes-core-agent-passwordless-root
>> (--remove):
>>   installed qubes-core-agent-passwordless-root package post-removal
>> script subprocess returned error exit status 3
>> Errors were encountered while processing:
>>   qubes-core-agent-passwordless-root
>> E: Sub-process /usr/bin/dpkg returned an error code (1)


Please don't mix a totally different issue into the same mailing list
thread.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0653aafe-7919-23e0-2756-b961ca2d8f01%40whonix.org.


[qubes-users] Qubes-Whonix 15 TemplateVMs (4.0.1-202003070901) -- Testers Wanted!

2020-03-10 Thread Patrick Schleizer
https://www.whonix.org/wiki/Qubes/Install/Testing

Or.

https://www.whonix.org/wiki/Qubes/Reinstall/Testing

Let's test these templates!

* https://github.com/QubesOS/updates-status/issues/1674
* https://github.com/QubesOS/updates-status/issues/1675

Alternatively:

In-place release upgrade is possible upgrade using Whonix testers repository

https://www.whonix.org/wiki/Project-APT-Repository

Changes:

Contains all enhancements there were recently released.

https://forums.whonix.org/t/whonix-virtualbox-15-0-0-8-9-point-release-vanguards-tcp-isn-leak-protection-extensive-hardening/8994

https://forums.whonix.org/t/whonix-virtualbox-15-0-0-9-4-testers-wanted/9089

Whonix forums discussion:

https://forums.whonix.org/t/qubes-whonix-15-templatevms-4-0-1-202003070901-testers-wanted/9093

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6608954-8270-e4b7-12e1-e7eb6b92df13%40whonix.org.


Re: [qubes-users] Per-VM stream isolation in Whonix

2019-10-06 Thread Patrick Schleizer
tetrahedra via qubes-users:
> On Fri, Sep 27, 2019 at 01:37:06PM +, Claudia wrote:
>> Isolating apps in the same VM is a different issue, but you're saying
>> traffic from different VMs is appearing to come from the same address?
>>
>> Hmm, that definitely should not be happening. VM isolation is enabled
>> out of the box. Different VMs, whonix or otherwise, should never share
>> circuits. IsolateClientAddr (on by default) in whonix-gw's torrc
>> should isolate streams originating from different addresses/VMs, no
>> matter what OS or apps they're running.
> 
> I don't see that setting in
> /usr/local/etc/torrc.d/40_tor_control_panel.conf or in 50_user.conf ...
> which torrc is that setting supposed to be in?
> 


/usr/share/tor/tor-service-defaults-torrc

https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/usr/share/tor/tor-service-defaults-torrc.anondist

https://www.whonix.org/wiki/Dev/git#grep_Whonix_source_code

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b427b05-a407-283b-1ec1-8382ba47bb81%40whonix.org.


[qubes-users] Any virtualizer / emulator working in Qubes OS?

2019-09-19 Thread Patrick Schleizer
Is there any virtualizer / emulator working inside Qubes OS AppVMs?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d7d4f20-b255-ed3b-30ef-7b98bfd44e69%40whonix.org.


Re: [qubes-users] Whonix Tor Browser Starter safest setting fails

2019-09-19 Thread Patrick Schleizer
'b17b7bdb' via qubes-users:
> - JavaScript is ALLOWED on selected sites.
> To view these sites click on the NoScript Preferences button in the 
> about:addons page and then select the Per-Site Permissions tab.


Whonix source code doesn't write literally googlevideo, netflix,
outlook, etc. anywhere. It does not do anything to give special
treatment to any websites.

By policy, for simplicity, clean implementation and whatnot, the
"inside" of Tor Browser isn't modified by Whonix. This is elaborated here:

 
https://www.whonix.org/wiki/FAQ#Does_Whonix_Change_Default_Tor_Browser_Settings.3F

Tor Browser upstream issue. Bug report written just now.

wipe all mentions of netflix, paypal, youtube, ... from noscript in Tor
Browser

https://trac.torproject.org/projects/tor/ticket/31798

See also:

https://www.helpnetsecurity.com/2015/07/01/researchers-point-out-the-holes-in-noscripts-default-whitelist/

https://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/

>From noscript FAQ:

Q: What websites are in the default whitelist and

https://noscript.net/faq#qa1_5

Q: What is a trusted site?

https://noscript.net/faq#qa1_11

Whonix forum discussion:

https://forums.whonix.org/t/noscript-with-security-slider-at-safest-permits-around-30-sites/8160

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0104280d-a6d9-68e0-16fb-0fe080789c76%40whonix.org.


Re: [qubes-users] whonix-15 TB in dvm on Safest has whitelisted sites in NoScript by default

2019-09-19 Thread Patrick Schleizer
Whonix source code doesn't write literally googlevideo, netflix,
outlook, etc. anywhere. It does not do anything to give special
treatment to any websites.

By policy, for simplicity, clean implementation and whatnot, the
"inside" of Tor Browser isn't modified by Whonix. This is elaborated here:

 
https://www.whonix.org/wiki/FAQ#Does_Whonix_Change_Default_Tor_Browser_Settings.3F

Tor Browser upstream issue. Bug report written just now.

wipe all mentions of netflix, paypal, youtube, ... from noscript in Tor
Browser

https://trac.torproject.org/projects/tor/ticket/31798

See also:

https://www.helpnetsecurity.com/2015/07/01/researchers-point-out-the-holes-in-noscripts-default-whitelist/

https://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/

>From noscript FAQ:

Q: What websites are in the default whitelist and

https://noscript.net/faq#qa1_5

Q: What is a trusted site?

https://noscript.net/faq#qa1_11

Whonix forum discussion:

https://forums.whonix.org/t/noscript-with-security-slider-at-safest-permits-around-30-sites/8160

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d283bda-6150-8cbe-acce-5cc39c384d75%40whonix.org.


Re: [qubes-users] Is Qubes partnered with Whonix and is Whonix just as secure as Qubes if you're only using the computer for web stuff?

2019-09-06 Thread Patrick Schleizer
pixel fairy:

> qubes uses xen, which has a smaller attack surface and much better track 
> record for vm escape vulns. if you cant use that, make sure you keep up to 
> date on virtualbox. if you dont like virtualbox, you might be able to 
> import whonix to libvirt / kvm. 
> https://www.redhat.com/en/blog/importing-vms-kvm-virt-v2v 


https://www.whonix.org/wiki/KVM

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4c79ae94-8a58-0a2c-5448-c65cade1f920%40whonix.org.


Re: [qubes-users] Re: whonix tor browser customization

2019-09-06 Thread Patrick Schleizer
panina:
> On 8/9/19 9:05 AM, Patrick Schleizer wrote:
>>> panina:
>>> Namely, they removed NoScript from the toolbar, so that the
>>> NoScript cannot be used as intended.
>>
>>
>> We did not. Decision by upstream, The Tor Project.
>>
>>
> https://forums.whonix.org/t/workstation-15-dropped-both-noscript-and-https/7733
> 
> Thanks, duly noted. Is there any chance to get them to add a setting for
> this? Or re-think their decision?


It's not up to me at all. The Tor Project is the only point of contact
fo this.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/55ba1be6-e86f-940d-6c11-69557dc96a39%40whonix.org.


[qubes-users] Re: whonix tor browser customization

2019-08-09 Thread Patrick Schleizer
panina:
> Namely, they removed NoScript from the toolbar, so that the
> NoScript cannot be used as intended.


We did not. Decision by upstream, The Tor Project.

https://forums.whonix.org/t/workstation-15-dropped-both-noscript-and-https/7733

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/42b8a0ae-8f0e-52e0-e639-b6d780919cef%40whonix.org.


Re: [qubes-users] whonix workstation 15 browser dropped both noscript and https

2019-08-09 Thread Patrick Schleizer
drok...@gmail.com:
> What are they doing over there?
> 


Decision by upstream, The Tor Project.

https://forums.whonix.org/t/workstation-15-dropped-both-noscript-and-https/7733

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fbe197f5-b015-2248-6d47-889841433784%40whonix.org.


Re: [qubes-users] Error on update on whonix-15 templates

2019-08-09 Thread Patrick Schleizer
> Hi, I made a fresh install of Qubes 4. I followed carefully the
> instructions on the whonix website for fresh installation of the new
> whonix-gw-15 and whonix-ws-15 (with previous complete uninstall of the
> whonix-14 templates and its VMs including DVM).
> 
> I can update any template like fedora-29 and 30 and debian-9 including
> dom0, nicely. When I but try to update whonix-gw-15 or whonix-ws-15
> through the arrow in Qube Manager, I get following error:
> 
> [Dom0] Error on qube update!
> Failed to apply DSA-4371 fix: Error: Error: Could not determine Debian
> release!
> 
> However if I enable in the Global settings to check for updates for
> all qubes automatically, it finds the updates for both whonix-15
> templates, shows it in the upper right corner orange-flower-icon, and
> updates both whonix-15 templates without any error.
> If I than try again to press the update arrow, it returns the same error
> .
> 
> Can I somehow work around this issue?
> 
> 



https://github.com/QubesOS/qubes-issues/issues/5150

https://github.com/QubesOS/qubes-issues/issues/5057

https://www.whonix.org/wiki/Operating_System_Software_and_Updates

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d63d316-bddb-ca8c-3636-b3b5f98b58e0%40whonix.org.


[qubes-users] OpenPGP signed websites

2019-03-12 Thread Patrick Schleizer
qubes-...@tutanota.com:
> Feb 23, 2019, 3:50 AM by patrick-mailingli...@whonix.org:
> 
>> Reminds me, would be good to have OpenPGP signed websites all over the
>> internet. Unfortunately there is no project working towards it.
>>
>> https://www.whonix.org/wiki/Dev/OpenPGP_Signed_Website
>>
> 
> Absolutely yes. What is the biggest hindrance to make it more widespread IYHO?

Speculation:

- lack of developer manpower
- lack of problem awareness
- lack of a real world case where such an incident happened which was
then widely popularized

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f04850c7-2655-d469-dbb9-1e14a6cf87ac%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Valid Concerns Regarding Integrity of Whonix Project

2019-02-22 Thread Patrick Schleizer
Reminds me, would be good to have OpenPGP signed websites all over the
internet. Unfortunately there is no project working towards it.

https://www.whonix.org/wiki/Dev/OpenPGP_Signed_Website

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d931f65-c1ba-3d8b-f510-9d38dfb82802%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

2019-02-22 Thread Patrick Schleizer
cooloutac:
> The reason why I say privacy and anonymity are two diff things.  And way 
> apart from security. is For example if I log into a facebook .onion site.  
> Its still my identity.  All that information about you is still being sold to 
> ad agencies.  Governments are still watching it.   The only benefit I can 
> see, is again,   people hiding their location for fear of their life or 
> imprisonment.

Alternative end-to-end encryption without TLS certificate authorities
involved.

> And actually be using it you are using up bandwidth those people could be 
> using, just to feel special.

Citation required.

At no point Tor Project had the position that people should limit
themselves if possible, except for Bittorrent traffic. On the contrary.
They welcome Tor adaption.

See PDF:

Anonymity Loves Company: Usability and the Network Effect

By Roger Dingledine and Nick Mathewson (Tor founders and core developers)

https://freehaven.net/anonbib/cache/usability:weis2006.pdf

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4164f23b-06e2-e284-9f4e-dde38ea93ead%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

2019-02-21 Thread Patrick Schleizer
cooloutac:
> I read that whonix thread.  Still not sure why whonix doesn't have a canary.  
> What could it hurt?  Any aspect of the project could be compromised for any 
> reason.   Thats the same as people saying I have nothing to hide so why 
> worry.  In the other thread Patrick says US laws affect all countries.
> 
> Patrick banned me from the forums too once a long while ago.  I told him I'd 
> never post there again and never did. lol.

"banned" is wrong. Ban referring to a block from posting to Whonix
forum. That was never the case.

Reference:

https://forums.whonix.org/t/forward-and-reverse-dns-dont-match-up/2147

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a24f3d1a-cd22-dabf-5429-a244b8b94e9a%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Valid Concerns Regarding Integrity of Whonix Project

2019-02-15 Thread Patrick Schleizer
ce code, testing, design, answering good
questions

** Not so much fun but necessary: legal, funding, server, releases,
uploads, signing keys, announcements

Meaning: Please contribute - then everything can be improved.

I'd be happy to hand over upload rights / package builds / server
administration to a more qualified organization that is strong in
legal defense, computer security and reliable funding. But at the
moment, I don't see anything like that emerging.

Cheers,
Patrick

[1] https://www.whonix.org/wiki/Trust
[2] https://www.whonix.org/wiki/Trust#Should_I_Trust_This_Website.3F
[3]
https://www.qubes-os.org/faq/#what-does-it-mean-to-distrust-the-infrastr
ucture
[4]
https://www.whonix.org/wiki/FAQ#Is_the_Linux_User_Experience_Comparable_
to_Commercial_Operating_Systems.3F
[5] Some US laws apparently apply worldwide.

* Kim Dotcom, a German/Finish dual national, permanent resident of and
physically present in New Zealand at the time of the alleged copyright
infringement by USA had his assets seized, worldwide bank accounts
frozen, arrested and may be extradited to USA, ongoing legal proceedings
.
* US sanctions laws apparently apply worldwide. Including non-US
citizen outside of US territory. Chinese citizen arrested during
flight layover in Canada by Canadian authorities to be extradited to
USA. -
https://edition.cnn.com/2018/12/11/business/huawei-cfo-arrest-details/in
dex.html
* Ulrich Wippermann, German citizen, apparently resident in Germany at
the time, employed by a company did not break any German laws.
Nevertheless, he got put on an US restricted persons blacklist, in resul
t:
  * lost his job in a leading position,
  * could not find a new job in a leading position because employers
feared repercussions,
  * got his bank accounts and credit cards terminated,
  * got denied an Apple phone from its mobile carrier,
  * got denied shipping services.
  * Sources:
[FAZ](https://www.faz.net/aktuell/politik/deutscher-auf-usa-terrorliste-
wegen-exporten-nach-iran-14552747.html),
[NDR](https://daserste.ndr.de/panorama/archiv/2016/Imperiales-Gehabe-der
- -lange-Arm-der-US-Gesetze,wirtschaftskrieg100.html)
  * Comment: Given the public available information. He had a higher
income than most people. Yet, he unfortunately did neither not attempt
or failed to defend himself using the legal system from harassment
inside Germany. Rather, he unfortunately did neither attempt, or
failed, it didn't have any option, to use the legal system to force
his removal from the blacklist. This is not a criticism of his person.
This is a criticism of the unfairness of the legal system. If he can't
defend himself using the legal system, what are the chances that
people with less income can.

[6]
https://forums.whonix.org/t/new-sysadmin-saying-hello/5446/12?u=patrick
[7] https://phabricator.whonix.org/T709
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEbpebKKbzfEO+MK+hy41Qu3e7PEgFAlxmdfVfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDZF
OTc5QjI4QTZGMzdDNDNCRTMwQUZBMUNCOEQ1MEJCNzdCQjNDNDgACgkQy41Qu3e7
PEgl6RAAj/vtGm3ZgqPOX+oHPuuOLHUdtviI7spaSUU0v1fvmHRTTJPsGzRaXazi
fv64+Ux7CR2MqkF79viCzmib7ixnGU4K0l2b21D/eFgYuNVMedZ6hqLilPcXKIH2
AKqzk77ba/cjX9NEm0qlk0mLxWItTUALNcThIefgjpXF3R7tB61sR8/es6Z8G8wf
fcsY1I5m51O2ejnTWSRbNX17clZVaGi//sJ2Ceb0mbNW+kldUGWO1QBf/2R2/rAu
H7A7RzOPP/ub6qofheAsCz0RblsaRWJ3VQUdhlmkS8Jm6pyUWJaqOcrx6TDov0hN
3VZTNxgqPU6L8VcZ2ut6jVBGToZg4hqVVgnNH3IcSB6hbCd87/thZlSJYeM2td5w
wF3/xLTCwEBPHFwEZwAebgfyr8QF6SHeY4g/Vj8MWAzp9oavJbDEKxNZhr1O+xpg
fOfDxGXGtwWa62uuxwTS2OcrYTdJncp7jyurDcfva5WI/G/GyBxKayuuXXB1jDSl
Xyp60oJJwJ0Gr2U83cN50sOFU7JWeVqqs9iTxXhBJ4BNIHkSd34r8Mv/urYVp0TO
Ljhus0QU6TvZGrAZEYlH2xokwgqxHo9zBtJGZiD+LaLIwsojgjaIuLDiQ8V1z85N
hq51CnYYvKBv/eaxSg6AXpsIW67Bl5ViUTtqglJrbVpR0gFI8ug=
=ZJwd
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b4baf85-bbff-541a-c97c-2c489381fc12%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] sys-whonix-14 updates issues

2019-01-14 Thread Patrick Schleizer
Mathew:
> Hello,
> 
> Just to know if there is a solution for whonix-gw/whonix-ws updates ?
> Noted that I can update/upgrade sys-whonix-14 without any problems ! I have 
> to do it again after rebooting though.
> 
> $ sudo apt-get-update-plus dist-upgrade
> WARNING: Execution of /usr/bin/apt-get prevented by /etc/uwt.d/40_qubes.conf 
> because no torified Qubes updates proxy found.
> 
> Please make sure Whonix-Gateway (commonly called sys-whonix) is running.
> 
> - If you are using Qubes R3.2: The NetVM of this TemplateVM should be set to 
> Whonix-Gateway (commonly called sys-whonix).
> 
> - If you are using Qubes R4 or higher: Check your _dom0_ 
> /etc/qubes-rpc/policy/qubes.UpdatesProxy settings.
> 
> _At the very top_ of that file.
> 
> Should have the following syntax:
> Name-Of-Whonix-TemplateVM $default 
> allow,target=Whonix-Gateway-TemplateBased-ProxyVM
> 
> Example entry for Whonix-Gateway TemplateVM:
> whonix-gw-14 $default allow,target=sys-whonix
> 
> Example entry for Whonix-Workstation TemplateVM:
> whonix-ws-14 $default allow,target=sys-whonix
> 
> Try running in Whonix-Gateway (commonly called sys-whonix):
> sudo systemctl restart qubes-whonix-torified-updates-proxy-check
> 
> If this warning message is transient, it can be safely ignored.
> 
> Thanks !
> 
> Regards,
> Mathew
> 

What's your /etc/qubes-rpc/policy/qubes.UpdatesProxy settings?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9df3628f-7e56-19b0-8754-0f2806f1372d%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Device Widget doesn't show USB devices

2019-01-12 Thread Patrick
Hi, on my laptop qubes this doesn't show any usb devices, and an external 
keyboard using USB doesn't work. What can I check and do? I compare my settings 
to my other machine running 4.0 and they look the same, and do see USB.

One difference - I do not see a sys-USB on my machine that DOES work with USB, 
and I DO see the sys-USB on the laptop that doesn't show USB.

Thoughts?

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3cd3a86d-58ef-4deb-9d20-b220a47b7d4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix GW & WS upgrade failed (Help)

2018-12-17 Thread Patrick Schleizer
qubes123...@gmail.com:
> I press upgrade at Whonix GW & WS and get this message, see Screnshoot, what 
> should I do? thank you in advance ;)
> 
> https://ibb.co/XbCsJWQ
> 

The problem probably was that Whonix wasn't setup using Qubes salt.
Manual installation of Whonix is unsupported. Please use Qubes salt as
per documentation.

https://www.whonix.org/wiki/Qubes/Install

https://www.whonix.org/wiki/Qubes/Uninstall

https://www.whonix.org/wiki/Qubes/Reinstall

In response I improved that error message, created a new wiki page and
added a link from the error message to it.

https://www.whonix.org/wiki/Qubes/UpdatesProxy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7e5b2a53-35b8-23c7-c53b-e36f2ed81427%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Qubes-Whonix 14 (4.0.1-201811291216) Point Release for Qubes R4

2018-12-17 Thread Patrick Schleizer
This is a [point release](https://www.whonix.org/wiki/Point_Release).

> A **point release** is not a separate, new version of Whonix. Instead,
it is a re-release of Whonix which is inclusive of all updates up to a
certain point.
>
> Installing any version of Whonix 14 and fully updating it leads to a
system which is identical to installing a Whonix point release.
>
> **If the Whonix installation is
[updated](https://www.whonix.org/wiki/Update), no further action is
required.**
>
> Regardless of the current installed version of Whonix, if users wish
to install (or reinstall) Whonix for any reason, then the point release
is a convenient and more secure method, since it bundles all Whonix
updates that are available at that specific time.



Either:

* **A)** [uninstall](https://www.whonix.org/wiki/Qubes/Uninstall) and
[install](https://www.whonix.org/wiki/Qubes/Install) OR;
* **B)** [reinstall](https://www.whonix.org/wiki/Qubes/Reinstall).



* https://github.com/QubesOS/updates-status/issues/817
* https://github.com/QubesOS/updates-status/issues/818

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8cfeb1ef-55d0-63d1-8803-3424faa6becd%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] seven new Meltdown and Spectre attacks

2018-11-22 Thread Patrick Schleizer
https://www.zdnet.com/article/researchers-discover-seven-new-meltdown-and-spectre-attacks/

**November 14, 2018**

Quote:

> Experiments showed that processors from AMD, ARM, and Intel are affected.

Is Qubes affected?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb98bfcb-2676-c540-f796-9bfe4dde75fb%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] salty whonix 14 -- problems.

2018-11-22 Thread Patrick Schleizer
haaber:
> Second, there is no Directory /var/lib/tor/.tor  shall I create it?
> which permissions?

No.

Apply this:

https://www.whonix.org/wiki/Tor#Permissions_Fix

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7083738e-033e-5194-9ce9-bd27d8c62709%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] updating tor browser in whonix-ws dispvms

2018-11-21 Thread Patrick Schleizer
J.M. Porup:
> Is anyone else using whonix-ws based dispvms?
> 
> Until recently, tor browser received updates via whonix repos. For some
> reason that seems to have stopped.
> 
> The problem is that every time I open a new whonix-ws based dispvm, I'm
> prompted to download a new version of TBB. Doing so a dozen times a day
> or more gets a bit tedious.
> 
> Per Whonix docs, I've tried running update-torbrowser in the templatevm,
> but the command line output tells me not to bother, because the download
> will be in /home and won't propagate to dispvms.
> 
> I've taken a close look at Qubes and Whonix docs, but nothing is jumping
> out at me as a possible solution. Maybe I'm missing something.
> 
> Any ideas?
> 
> thanks
> jmp
> 
> 
> 

Dedicated wiki page on Tor Browser update in Qubes-Whonix was recently
created:

https://www.whonix.org/wiki/Qubes/Tor_Browser

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/159b-57c2-5b80-6499-ea0d3208f13a%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Reinstall Qubes-Whonix TemplateVMs documentation revamped

2018-11-20 Thread Patrick Schleizer
https://www.whonix.org/wiki/Qubes/Reinstall

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/848894e9-5e3b-b4cb-327b-0e741aa0caf5%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] TOR browser updates.

2018-11-20 Thread Patrick Schleizer
William Fisher:
> How do I update the TOR browsers at the Template VM level? I've updated TOR 
> at the APP level but it doesn't stay updated.
> 

New documentation page just now created focusing only on updating Tor
Browser in Qubes-Whonix:

https://www.whonix.org/wiki/Qubes/Tor_Browser

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e2149b99-9d5d-0ea0-be41-c8cd3388d135%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] debian-based templates (and whonix) ignore dom0 keyboard language in 4.0.1 but not 4.0

2018-11-19 Thread Patrick Schleizer
ryangr...@tuta.io:
> I'm pretty sure this is a bug (linked below), but am posting here just in 
> case there might be something I am missing:
> https://github.com/QubesOS/updates-status/issues/791 
> 
> I set the language/keymap settings via localectl as recommended, as well as 
> in the VMs themselves, but the debian-9 and whonix VMs default to english 
> querty still. Removing those and installing the 4.0 templates in the 4.0.1 
> host demonstrates expected inheritance of settings as it should. I could not 
> even find a way besides a startup script to set keyboard settings in the VMs 
> (even /etc/default/keyboard in the VMs was ignored by the templates). 
> Fedora-29 templates seem to be fine. Any ideas? 
> 
> Thanks!
> Ryan
> 

Every time I start a terminal.

Example:

setxkbmap de

Syntax:

setxkbmap yourkeymap

Likely possible to automate using /rw/config/rc.local, /etc/profile.d/,
/etc/X11/Xsession.d/, systemd or otherwise.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ad936e7-fd33-86d4-c35b-decdea1f6730%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Donation costs

2018-11-19 Thread Patrick Schleizer
Achim Patzner:
>> Crypto payments and cash in mail to trusted qubes people (with secret
>> shoppers to help ensure honesty) are the least terrible option.
> 
>> From my point of view on ecology: not. Besides throwing all your money 
> towards China, too or where do you think is most crypto mining being
> done because there currently is no place you're paying less for the
> ecological damage right now. So while China's censorship is not
> threatening me right now, adding unnecessary carbon dioxide to my
> environment is.

I don't think crypto currencies add much carbon dioxide compared to
legacy financial institutions.

How much unnecessary carbon dioxide by all...?

- bank towers (building, electricity, water, maintenance)
- bank employees commuting to banks every work day by cars emitting fumes
- server farms for financial institutions
- cash transports

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e2a72de4-e639-cb32-393f-497225550649%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes 3.2 whonix 14 connects to tor, but there is no connection

2018-11-18 Thread Patrick Schleizer
aaq via qubes-users:
> lørdag den 17. november 2018 kl. 17.01.02 UTC+1 skrev Patrick Schleizer:
>> Franz:
>>> I succesfully updated to whonix 14, when the VM start a message tells:
>>> "connected to tor" making me happy, But if I ping google I get:
>>>
>>> user@host:~$ ping google.com
>>> PING google.com (216.58.207.206) 56(84) bytes of data.
>>> >From 10.137.5.34 (10.137.5.34) icmp_seq=1 Destination Port Unreachable
>>> ping: sendmsg: Operation not permitted
>>>
>>>
>>> what may be wrong?
>>> Best
>>>
>>
>> ping is UDP. And Tor doesn't support UDP.
>>
>> https://www.whonix.org/wiki/Tor#UDP
> 
> Ping is ICMP, not UDP.
> https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
> 

Indeed however the basic point still stands - unsupported by Tor.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b664dcf2-a31c-0d19-f36a-49c1f212b17d%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] whonix upgrade, qubes4

2018-11-17 Thread Patrick Schleizer
b...@damon.com:
> I went thru the steps to remove any existing whonix.  No errors were reported.
> Then I issued the command to re-install whonix-14.
> 
> Whonix does not work.  Whenever I boot up one of the VMs based on the new 
> whonix, I find that qrexec-agent is crashing.
> 
> [   15.903799] qrexec-agent[789]: segfault at 70d5257f6ff8 ip 
> 70d5255f3355 sp 70d5257f7000 error 6 in ld-2.24.so[70d5255dd000+23000]
> 
> This is similar to whonix-9 template issues some have seen.
> 
> 
> qubesdb-daemon also segfaults in the same manner earlier in the boot.
> 

Please report this to:

https://github.com/QubesOS/qubes-issues/issues

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/534a5c2e-b738-6c60-09e1-a3f4c9658ec7%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix upgrade failure

2018-11-17 Thread Patrick Schleizer
Documentation was upgraded meanwhile.

Black Beard:
> 
> Hey Community,
> 
> 
> i tried to following the tutorial to upgrade Whonix 13 to 14.
> 
> https://www.whonix.org/wiki/Qubes/Install
> 
> I first start to try uninstall the old Version of Whonix with Option B.
> 
> When i tried to install the dummy template with following command "sudo 
> qubes-dom0-update qubes-template-dummy" i become some error message "unable 
> to find a match".

This won't work.

Dummy template is covered in Qubes-Whonix documentation where needed.

https://www.whonix.org/wiki/Qubes/Install

https://www.whonix.org/wiki/Qubes/Reinstall

https://www.whonix.org/wiki/Qubes/Uninstall

> So i cant create the template and upgrade Whonix.
> 
> Can anybody says me how to update the Debian 9 Template? I found some 
> tutorials but always become an error message.
> 
> Did some profi how to fix the probleme?
> 
> About a message i would be happy.
> 
> regards
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee899d95-5209-e5d9-0968-3d0ec8cdc200%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 upgraded - only a couple of mis-steps

2018-11-17 Thread Patrick Schleizer
Dave:
> Success! but not without a few snags...
> 
> Using Qube-Manager to remove templateVM resulted in:
> [Dom0] Error removing Qube! ERROR: Domain is in use: details in system log
> 
> ran QVM-LS; verified Qube state halted
> 
> found reference: https://github.com/QubesOS/qubes-issues/issues/3193
> and followed instructions:
> 
> I wasn't aware of the Default-Disposable-VM setting on the Advanced tab in 
> Qube Mangager GUI
> 
> The required commands are:
> qvm-prefs --set whonix-ws-dvm netvm ""
> qvm-prefs --set whonix-ws-dvm default_dispvm ""
> qvm-remove whonix-ws-dvm
> qvm-remove sys-whonix
> 
> Took these actions:
> changed netVM's to "" in appVMs using sys-whonix
> changed templateVM in appVMs using whonix-** to other
> changed global-property-updatevm to another netVM
> 
> Again attempted: sudo qvm-remove whonix-ws
> 
> Now new err msg returned: ERROR: VM installed by package manager: whonix-ws
> but the correct command was: $ sudo dnf remove qubes-template-whonix-**
> 
> REINSTALLATION ran much smoother using 
> "The recommended approach is to use salt (wrapped by the command qubesctl in 
> Qubes), as this one call automatically:" 
> i/a/w https://www.whonix.org/wiki/Qubes/Install
> 
> That ran without a hitch. Then UPDATE the new templates.
> 
> sudo apt-get update (Whonix is Debian based, so dnf doesn't work)
> 
> Now to push on and upgrade Fedora 26 to 28 (starting to get this too, Wolf 
> moon)
> 

Could you please check if Qubes-Whonix wiki documentation is complete
and consider to contribute anything missing?

https://www.whonix.org/wiki/Qubes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8252d508-eaf3-0f05-9ae1-ab67213e83ef%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] pEp in Enigmail-Thunderbird in Whonix-14 Qubes

2018-11-17 Thread Patrick Schleizer
qubes-...@tutanota.com:
> Hi, I learned that in Whonix-14 in Qubes 4.0 there is no default support for 
> pEp in Enigmail-Thunderbird. Is it Qubes specific or Whonix specific? Is 
> there any reason for not supporting pEp in Whonix? 
> 
> In other templates after installing the Enigmail addon the support for pEp 
> jumps up automatically like Enigmail/pEp.
> 
> Thank you!
> 

Whonix uses the same package as Debian. So Debian specific and Whonix
inherits this.

This sort of question has a much higher chance of getting answered
timely in Whonix forums.

Check this out:

https://www.whonix.org/wiki/Encrypted_Email_with_Thunderbird_and_Enigmail

This may be useful later:

https://www.whonix.org/wiki/E-Mail#Pretty_Easy_Privacy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/39206461-79ca-0d58-99a9-b08de707c2f6%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - Update errors?

2018-11-17 Thread Patrick Schleizer
sm...@tutamail.com:
> ...again I want to thank the Whonix/Qubes team for everything they do!! You 
> are awesome...
> 
> In the spirit of feedback:
> 
> I just tried updating Whonix-ws-14 and started receiving errors? I saw 
> another post with similar 
> issues(https://groups.google.com/forum/#!topic/qubes-users/ppdbaDAavRY), I 
> thought it best to call out the specific issue in the subject so it might 
> help others with this issue:
> 
> The error I get, when using the "Qubes Manager" -> "Whonix-ws-14" -> "Update 
> qube" is:
> 
> 
> Err:20
> tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion
> stretch Release
>   Connection failed
> Reading package lists... Done
> 
> 
> E: The repository
> 'tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion
> stretch Release' does no longer have a Release file.
> 
> N: Updating from such a repository can't be done securely, and is
> therefore disabled by default.
> 
> N: See apt-secure(8) manpage for repository creation and user
> configuration details. 
> 
> Whats strange is that I tried the update again while writing this post and it 
> appeared no updates were needed
> 
> I think I am OK but wanted to share.
>
Probably transient issue.

Documented here:

https://www.whonix.org/wiki/Qubes/Update

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10dfe82a-22ad-741a-096f-f08779b14e05%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Cannot update whonix-gw-14

2018-11-17 Thread Patrick Schleizer
Probably transient issue.

Documented here:

https://www.whonix.org/wiki/Qubes/Update

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/14f93694-d6d5-aa09-8048-01f097f70b97%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: update broke whonix, can't reinstall

2018-11-17 Thread Patrick Schleizer
Stay tuned!

Basically it's hopefully all been covered in news.

https://www.whonix.org/wiki/Stay_Tuned

Qubes-Whonix documentation:

https://www.whonix.org/wiki/Qubes

https://www.whonix.org/wiki/Qubes/Install

https://www.whonix.org/wiki/Qubes/Reinstall

https://www.whonix.org/wiki/Qubes/Uninstall

Ryan Tate:
> qubes-template-whonix-gw
> qubes-template-whonix-ws

This is now:

qubes-template-whonix-gw-14

qubes-template-whonix-ws-14

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5df1ddc6-a1c8-d4c7-29c0-347cf0e40278%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] ERROR: Tor Bootstrap Result:

2018-11-17 Thread Patrick Schleizer
William Fisher:
> Turned out to be a clock settings problem. Set the clock to UTC and poof it 
> works!
> 

Host clock or VM clock?

How did you do it?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4920a5b8-31cc-d932-57ea-fd20ad89ace1%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes 3.2 whonix 14 connects to tor, but there is no connection

2018-11-17 Thread Patrick Schleizer
Franz:
> I succesfully updated to whonix 14, when the VM start a message tells:
> "connected to tor" making me happy, But if I ping google I get:
> 
> user@host:~$ ping google.com
> PING google.com (216.58.207.206) 56(84) bytes of data.
>>From 10.137.5.34 (10.137.5.34) icmp_seq=1 Destination Port Unreachable
> ping: sendmsg: Operation not permitted
> 
> 
> what may be wrong?
> Best
> 

ping is UDP. And Tor doesn't support UDP.

https://www.whonix.org/wiki/Tor#UDP

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d67b1aee-d43f-18b8-f0ae-5138b1d7537e%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes 3.2 whonix 14 connects to tor, but there is no connection

2018-11-17 Thread Patrick Schleizer
Franz:
> On Thu, Nov 15, 2018 at 4:47 PM pieter lems  wrote:
> 
>> is sys-net connected to the network?
>>
> 
> yes
> 
> And are you using an ethernet cable to connect to internet,
>>
> 
> no I am connected by wifi
> 

Qubes-Whonix support ending for Qubes 3.2(.1) - upgrade to Qubes R4.0 or
above required.

https://www.qubes-os.org/news/2018/10/05/whonix-support-ending-for-qubes-32/

https://forums.whonix.org/t/qubes-whonix-support-ending-for-qubes-3-2-upgrade-to-qubes-r4-0-or-above-required/6113

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9fdb0f3-db53-4567-d30b-7bc5ba0a76d4%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Tor still doesn't work in the new Qubes 3.2.1

2018-11-17 Thread Patrick Schleizer
Máté Kovács:
> After I installed the new version of qubes, I tried everything today 
> afternoon to make it work but it wasn't successfull. Update every software.
> Got these error messages.

If you are talking about Whonix...

Qubes-Whonix support ending for Qubes 3.2(.1) - upgrade to Qubes R4.0 or
above required.

https://www.qubes-os.org/news/2018/10/05/whonix-support-ending-for-qubes-32/

https://forums.whonix.org/t/qubes-whonix-support-ending-for-qubes-3-2-upgrade-to-qubes-r4-0-or-above-required/6113

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9063436-b6e4-85a4-950f-53a49caae097%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] 2nd external monitor using usb c-type

2018-11-13 Thread Patrick
Hello,

Has anyone done that - i.e. use a 2nd external monitor using a usb c-type 
connector?

In other words, can it be available to dom0 and all domains at the same time?

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c09ea3b3-62c0-4adb-a54a-f94988b69fd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Ubuntu templates

2018-10-29 Thread Patrick
On Saturday, October 27, 2018 at 9:51:56 PM UTC-5, unman wrote:
> On Fri, Oct 26, 2018 at 03:23:34PM -0700, Patrick wrote:
> > On Monday, October 8, 2018 at 9:28:26 AM UTC-5, unman wrote:
> > > It's now straight forward to build templates for bionic as well as xenial,
> > > using qubes-builder.
> > > 
> > > If you want to try them out before building, I've uploaded freshly built
> > > templates for 4.0, including a fairly hefty xenial-desktop template.
> > > You can find details at https://qubes.3isec.org 
> > > 
> > > Updated packages are available from the repositories there, if you
> > > already have a working template.
> > > 
> > > unman
> > 
> > Hi, I came to find this answer too, what is the best way to install an 
> > ubuntu vm?
> > 
> > Also, just fyi, I want to run the VMware-Horizon-Client in order to run 
> > VDI. Documentation says it's tested on ubuntu and Red Hat.
> > 
> > Thanks,
> > Patrick
> > 
> You can build your own template using qubes-builder.
> Instructions for that are in the docs:
> https://www.qubes-os.org/doc/qubes-builder
> 
> Use ./setup to select the ubuntu version you want, then make qubes-vm and
> make template will produce a new template.
> Actually, the build is broken at the moment while I figure out how best
> to deal with incorporating apt-transport-https in to the build, and mix
> in security updates.
> 
> In the meantime you can download some prebuilt Ubuntu templates from
> https://qubes.3isec.org/
> 
> Whatever route you take, transfer the template to dom0 and install it
> using dnf install 
> 
> unman

Thanks Unman,

Only, what's the difference between bionic and xenial? Sorry. Anyway I'm using 
64 bit, qubes 4.0 on an Acer Aspire 5 - AS15

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f493958-8126-4ffe-a0e0-0e5f4a834f43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: A message from Marek Marczykowski-Górecki

2018-10-26 Thread Patrick
On Thursday, October 25, 2018 at 9:29:05 PM UTC-5, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Dear Qubes Community,
> 
> Marek Marczykowski-Górecki published the following message on the Qubes
> website today. The plain text source is included below.
> 
> https://www.qubes-os.org/news/2018/10/25/thank-you-joanna/
> 
> ```
> Thank you, Joanna!
> ==
> 
> The Qubes OS project was [founded by Joanna Rutkowska in 2009][qubes-founded].
> I joined the project in its early days, before Qubes 1.0, and have been part 
> of
> the team under Joanna's leadership since then. Over the past nine years, the
> system architecture has been enhanced multiple times, including major changes
> like [HVM with stubdomain support][windows], the [Hypervisor Abstraction Layer
> (HAL)][HAL], and finally, in Qubes 4.0, the [Admin API][admin-api] and [switch
> to PVH][pvh] as the main VM type. The project has also matured a lot. We
> started as a set of [a few][original-packages] [manually built][build] 
> packages
> installed [on top of Fedora 12][alpha-1-install]. Now, we have a [build
> infrastructure][build-infra], documented [versioning scheme][version-scheme]
> and [release schedules][release-schedules], [coding guidelines][coding-style],
> and [automated tests][automated-tests]. The core part of Qubes has also been
> rewritten a few times since its original release.  The project's success can 
> be
> measured by its growing community, including deployments like [SecureDrop] and
> [Let's Encrypt].
> 
> Today [Joanna announced][joanna-post] that she is stepping down from the
> project's leadership role and nominating me as her successor. I have been the
> project's lead engineer for a few years now, and I'm honored to officially 
> lead
> the project as a whole. I plan to continue the direction in which Qubes OS has
> been going, providing defenses [well ahead][netvm-tweet] of new attacks.
> 
> On behalf of the whole Qubes team, I'd like to thank Joanna for all of her
> years of work on the project. Under her leadership, Qubes OS has accomplished 
> a
> lot, with only some of its many successes mentioned above. We look forward to
> continuing to benefit from her expertise as an advisor. At the same time, we
> wish her all the best in her new role on the Golem Project!
> 
> [qubes-founded]: 
> https://blog.invisiblethings.org/2010/04/07/introducing-qubes-os.html
> [HAL]: 
> https://blog.invisiblethings.org/2013/03/21/introducing-qubes-odyssey-framework.html
> [windows]: 
> https://blog.invisiblethings.org/2012/12/14/qubes-2-beta-1-with-initial-windows.html
> [admin-api]: https://blog.invisiblethings.org/2017/06/27/qubes-admin-api.html
> [mgmt-stack]: https://www.qubes-os.org/news/2015/12/14/mgmt-stack/
> [pvh]: 
> https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/
> [alpha-1-install]: 
> https://github.com/QubesOS/qubes-doc/blob/d6639edf47a7b85e54cd470380de25e1b7403407/InstallationGuide.md
> [build]: https://groups.google.com/d/msg/qubes-devel/cQ9yVxPMfoo/CTIXml3B_NcJ
> [original-packages]: 
> https://github.com/QubesOS/qubes-doc/blob/6ac51fb134093168ec3900c9bed22c3a86bcd021/SourceCode.md
> [build-infra]: 
> https://github.com/QubesOS/qubes-infrastructure/blob/master/README.md#detailed-description-of-the-infrastructure
> [release-schedules]: https://www.qubes-os.org/doc/releases/schedules/
> [coding-style]: https://www.qubes-os.org/doc/coding-style/
> [automated-tests]: https://www.qubes-os.org/doc/automated-tests/
> [version-scheme]: https://www.qubes-os.org/doc/version-scheme/
> [joanna-post]: /news/2018/10/25/the-next-chapter/
> [netvm-tweet]: https://twitter.com/rootkovska/status/530416582426902528
> [SecureDrop]: 
> https://securedrop.org/news/road-towards-integrated-securedrop-workstation/
> [Let's Encrypt]: https://twitter.com/RMLLsec16/status/749982515948027904
> ```
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlvSe88ACgkQ203TvDlQ
> MDBLaBAAlAp92zwYPM0bYRVUwZJPJiHJtAG13lpKF9riE87sI3g89mjRFx1VnTBy
> x6+dE8LIDneUhAcow9aFS1TODfOwBrpqsGA9+K9ZbQHtGPyLTAWJqG9P/5D65zDW
> VIyeHUUH17NWThYFUGQ8iw1XUq7IH71msMYOWBQYWwHCz0ecHo+2/xWRVvvN29EY
> /rjSiY+uAKJfYGmBi0BVONpoPUoBDXYGcBbOgLTnvgHDbs5UIWsdoNGrj/9FiOHH
> RtvcGyMTUHo+uHqDoHHZ4P+cYrqVXGKNnvFQcUcP18R3NurUGH9++B6QimsPUS+u
> 87jDlA1NOyTZ/vec97qD0mfYmDsjR7WbgTp6NUMQEX8KoTxf0ebEX95XCPVDI2pv
> SxSxfIAIvwaAc6/K9TL11iPlE63iL2YNFqbcj0DfYxMSvjw0bhvB9FumeAYNcNHB
> HGlFKUHwYLRaWtPePe7ElzUiAMfa4OBzH0sNccmkIBJJLlfVrsn++B3kE8HfrzuB
> Tb6f4/i+EljjvRy8MWmdwUA6FkLMal/hWW/WO1JSICrDLSousdRi0OslsALGYdBX
> rsYkuaBcEKRWeK9w056XslY9vU7RO7hFa8ArNprSkX8DpOVoIbqwepeEc5/b8V4T
> QTAOVboGtJvxTsnw0gmRVu04Oc+TO5lGz2MZIsRsc0fiV7f0t+g=
> =v5Ak
> -END PGP SIGNATURE-

So many thanks Joanna! Marek, sincere thanks for carrying on with the torch, I 
admire all the work!!!

-- 
You received 

[qubes-users] Re: Ubuntu templates

2018-10-26 Thread Patrick
On Monday, October 8, 2018 at 9:28:26 AM UTC-5, unman wrote:
> It's now straight forward to build templates for bionic as well as xenial,
> using qubes-builder.
> 
> If you want to try them out before building, I've uploaded freshly built
> templates for 4.0, including a fairly hefty xenial-desktop template.
> You can find details at https://qubes.3isec.org 
> 
> Updated packages are available from the repositories there, if you
> already have a working template.
> 
> unman

Hi, I came to find this answer too, what is the best way to install an ubuntu 
vm?

Also, just fyi, I want to run the VMware-Horizon-Client in order to run VDI. 
Documentation says it's tested on ubuntu and Red Hat.

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b51c720-de35-48ae-ad42-176ee6aedec6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Default keyring

2018-10-12 Thread Patrick
When creating a new template, then launching a browser in it (in order to 
install software), a dialog box asks:

An application wants access to the keyring "Default keyring".

Never seen this, my passwords don't work.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cdfe0295-90f1-4fe1-9401-7d4fef98d283%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] A few tips on installing Qubes 4.0

2018-09-24 Thread Patrick
On Sunday, September 23, 2018 at 10:53:12 PM UTC-5, Stuart Perkins wrote:
> On Mon, 24 Sep 2018 02:30:50 +
> "'William Pate' via qubes-users"  wrote:
> 
> >‐‐‐ Original Message ‐‐‐
> >On Sunday, September 23, 2018 8:56 PM, Patrick  
> >wrote:
> >
> >> Hi,
> >>
> >> I had already istalled 4.0 on my laptop and decided to upgrade a workhorse 
> >> desktop running 3.0. So I just boot to a usb stick with a validated 4.0 
> >> iso. Actually, that's the first tip, make sure you're using the "dd" 
> >> option when creating the iso (like the doc says anyway). That made a big 
> >> difference in just getting the boot right.
> >>
> >> I loaded it, had issues, tweaked some things, wasted time here and there 
> >> but what what worked well was:
> >>
> >> 1 - boot to and loading a disk partioner like https://gparted.org/
> >> - then I just removed all existing partitions.
> >>
> >> 2 - booting to and load a disk wipe program like killdisk: 
> >> http://www.killdisk.com/
> >> I don't know, I felt like there was just something existing on the disk 
> >> that was causing a problem, and when I erased and wiped the drive and then 
> >> did another 4.0 install it worked perfectly, no issues at all.
> >>
> >> PS - I had issues trying to get dban working, for some reason.
> >>
> >> Hope that helps some folks.
> >>
> >> Patrick
> >>
> >>  
> >
> >
> >
> >My fresh installation of Qubes 4.0 was similarly trouble-free. I put it on a 
> >Dell Latitude E7240 laptop. It took a while. I only partitioned the disk -- 
> >now to just figure out how to extend Qubes' partition over Windows'. Oh, and 
> >more RAM would be nice. (I jumped straight from no-Linux-knowledge to Qubes. 
> >It's taking a while to learn.)
> >
> >Next up: Lenovo W520.
> >
> >
> >
> >
> >William Pate
> >willp...@pm.me
> >512-947-3311
> >www.wopate.com
> >
> >
> >
> >
> >--
> >>
> >> You received this message because you are subscribed to the Google Groups 
> >> "qubes-users" group.
> >> To unsubscribe from this group and stop receiving emails from it, send an 
> >> email to qubes-users+unsubscr...@googlegroups.com.
> >> To post to this group, send email to qubes-users@googlegroups.com.
> >> To view this discussion on the web visit 
> >> https://groups.google.com/d/msgid/qubes-users/5bf26b3e-4c55-4c2e-8885-55e518151ec5%40googlegroups.com.
> >> For more options, visit https://groups.google.com/d/optout.  
> >
> >
> 
> Kinda like Ross Perot and Donald Trump's political careers...start by running 
> for President.
> 
> Just get a good grasp of the architecture of Qubes...separate programs from 
> data with templates...separate tasks with appVMs...restrict network exposure 
> to ONLY the tasks which require it...it works very well as long as you keep 
> that in mind when are working with it.

Hi Stuart, 
I like your input there, can you say a little more about it? I totally get 
separating tasks with appVMs, restricting network to each task, but say more on 
separating programs from data with templates - what are you doing in your case? 
Also, do you do some networking between the vms, etc?

In my case I'll have maybe some dev tools on a template, then maybe a couple of 
different google profiles on different vms, and of course I'll use the throw 
away browsers on any research I'm doing.

Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4c3e024-0df7-48ee-9c0e-a0e45a9c0526%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] A few tips on installing Qubes 4.0

2018-09-23 Thread Patrick
Hi,

I had already istalled 4.0 on my laptop and decided to upgrade a workhorse 
desktop running 3.0. So I just boot to a usb stick with a validated 4.0 iso. 
Actually, that's the first tip, make sure you're using the "dd" option when 
creating the iso (like the doc says anyway). That made a big difference in just 
getting the boot right.

I loaded it, had issues, tweaked some things, wasted time here and there but 
what what worked well was:

1 - boot to and loading a disk partioner like https://gparted.org/
- then I just removed all existing partitions.

2 - booting to and load a disk wipe program like killdisk: 
http://www.killdisk.com/  
   I don't know, I felt like there was just something existing on the disk that 
was causing a problem, and when I erased and wiped the drive and then did 
another 4.0 install it worked perfectly, no issues at all.

PS - I had issues trying to get dban working, for some reason.

Hope that helps some folks.

Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5bf26b3e-4c55-4c2e-8885-55e518151ec5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Qubes 4.0 install from iso

2018-09-22 Thread Patrick
Hi, now I'm trying to upgrade an HP envy desktop system from qubes 3.2 to qubes 
4.0.

The system won't get into installation execution from the usb with qubes iso 
4.0, it goes into Dracut emergency shell.

Question - how do I write the journalctl file to the usb key from the # command 
line? I can't seem to make the regular commands work.

2nd - some of the errors in the log:

ACPI error : [GPLD] Namespace lookup failure
""  : Method parse/execution failed
""  : Method parse/execution



in the x509 section...
"couldn't get size"



usb 1-9: string descriptor 0 read error: -32



kernel : sd 4:0:0:0 [add] No caching mode page found

and

kernel : sd 4:0:0:0: [add] assuming drive cache: write through


Finally: 
Dracut-initqueue569 : warning: Dracut-initqueue timeout - starting timeout 
scripts

Then it finally dies and goes to Dracut.


Why different results with 4.0 and what suggestions can be made?

Thanks,





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/529d5c67-bc20-4def-9431-9c4f015e78f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Video Screen Capture app that works well in Qubes?

2018-09-11 Thread Patrick
Hi everyone,

I'd love to publish some things to youtube right out of a Qubes 4.0 VM. Anyone 
have a great app to recommend that you've been successful with in Qubes 4.0?

I have dual monitors, would love it even more if I can isolate the active 
capture screen.

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2480ba47-7f01-4f2f-b58b-95d2c4dab742%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: please stay tuned on Whonix news

2018-09-09 Thread Patrick Schleizer
John S.Recdep:
> On 08/15/2018 07:23 PM, Patrick Schleizer wrote:
>> It is important to read the latest Whonix news to stay in touch with
>> ongoing developments. This way users benefit from notifications
>> concerning important security vulnerabilities and improved releases
>> which address identified issues, like those affecting the updater or
>> other core elements.
>>
>> Read more:
>> https://www.whonix.org/wiki/Stay_Tuned
>>
> 
> did something happen?

Nothing in particular. However, Whonix 14 release and deprecation notice
was missed by most.

> by "updater"  meaning sudo apt-get update && sudo apt-get dist-upgrade   ?

Yes, enable testers repository and that.

> seemed to be broken the other day, but seems ok
> don't see anything new on vuln issues
> https://forums.whonix.org/c/news
> 
> guess I can check again next month  :)
> 

RSS / e-mail or something would be better. A month is a long time. By
that time, testing may already be over.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f33defaa-026e-1737-de5a-7dead25cd5f6%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] AppArmor enabled by default in templates

2018-09-09 Thread Patrick Schleizer
Chris Laprise:
> Its good (and interesting) that Whonix have persevered with apparmor.
> Yet even though Torbrowser is based on Firefox, I couldn't for example
> take a Torbrowser apparmor profile and adapt it to Firefox. Again, this
> was some time ago, but at the time it just didn't work correctly.

Why not https://www.whonix.org/wiki/Tor_Browser_without_Tor would give
better security.

https://forums.whonix.org/t/todo-research-and-document-how-to-use-tor-browser-for-security-not-anonymity-how-to-use-tbb-using-clearnet

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25f617af-e2e3-4d51-5fa3-3f70ab17acc3%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Template Clone Doesn't really clone

2018-09-07 Thread Patrick
On Wednesday, September 5, 2018 at 8:18:22 PM UTC-5, unman wrote:
> On Wed, Sep 05, 2018 at 10:30:29AM -0700, Patrick wrote:
> > Hey everyone.
> > 
> > Maybe I don't understand the expected behavior, but in Qubes 4.0, when you 
> > create a template, and then add software (Chrome for example), and it's 
> > installed on the template (and you can see it in the template shortcuts), 
> > why am I not able to clone the template and see the shortcut, or even the 
> > software installed? Is that a bug or expected?
> > 
> > Thanks.
> > Patrick
> > 
> 
> Have you tried the "Refresh Applications" button on the Applications
> pane of the Qubes Settings window for the cloned template?

Right again, unman, thanks much!
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/490e7b3e-ec43-41c8-bcf5-49315397f91e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problems with Qubes 4 installation - Acer Aspire Laptop

2018-09-05 Thread Patrick
On Wednesday, September 5, 2018 at 12:10:24 AM UTC-5, lucas.s...@gmail.com 
wrote:
> Il giorno domenica 24 giugno 2018 02:59:11 UTC+2, lukz.e...@gmail.com ha 
> scritto:
> > > There is a somewhat drastic approach where you can use UEFI boot but still
> > > disable Xen support for it. It's painful because you have to manually copy
> > > files every time there's a Xen update, but it might help. See
> > > https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-freezes-before-getting-to-anaconda--disable-efi-runtime-services
> > > if the other approach doesn't help.
> > 
> > Already tried this and didn't work, unfortunately.
> > 
> > I've disabled UEFI right now and the installation finally worked, so it 
> > really was EFI messing up my installation. I'm going to wipe out my disk 
> > and convert it to MBR, install Windows 10 all over again and then make a 
> > Windows 10 / Qubes dualboot.
> 
> my laptop model is Model Acer aspire A515-51G-51V7;
> I have the same problem, text->blackscreen->fan overwork.
> 
> and that poor soul have the same situation too 
> -->https://github.com/QubesOS/qubes-issues/issues/3995<--
> 
> legacy installation work quite well but everything in esp was blowed up in my 
> case (idk if i done something wrong with EFI shell or it's a qubes effect)
> 
> I await developments.

I also have the Acer 5 A515 and same exact problem. Here is my status:
I have Win 10 on one SSD, boot to it with UEFI mode and Qubes 4.0 on another 
and boot to it on Legacy. So yes, for the moment if I want to switch I first do 
a quick boot to setup/bios and change - it's pretty quick. While I'd love to 
get a menu, I'm not sure the pain is worth it.

Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ebc527ef-3fdc-4e51-87d6-3b4ed1e1968c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Template Clone Doesn't really clone

2018-09-05 Thread Patrick
Hey everyone.

Maybe I don't understand the expected behavior, but in Qubes 4.0, when you 
create a template, and then add software (Chrome for example), and it's 
installed on the template (and you can see it in the template shortcuts), why 
am I not able to clone the template and see the shortcut, or even the software 
installed? Is that a bug or expected?

Thanks.
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/441a69fb-c9c6-4a32-91fd-aaefa2efa167%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Unable to reset PCI device 0000:02.00.0

2018-09-05 Thread Patrick
On Tuesday, September 4, 2018 at 8:24:56 AM UTC-4, unman wrote:
> On Mon, Sep 03, 2018 at 08:06:01AM -0700, Patrick wrote:
> > On Monday, September 3, 2018 at 10:31:50 AM UTC-4, unman wrote:
> > > On Sun, Sep 02, 2018 at 03:56:46PM -0700, Patrick wrote:
> > > > On Sunday, September 2, 2018 at 3:34:34 PM UTC-4, Jean-Philippe Ouellet 
> > > > wrote:
> > > > > On Sun, Sep 2, 2018 at 10:12 AM, Patrick Bouldin
> > > > >  wrote:
> > > > > > On Sunday, September 2, 2018 at 10:10:55 AM UTC-4, Patrick Bouldin 
> > > > > > wrote:
> > > > > >> Qubes 4.0 Error - "Start failed: Requested operation is not valid: 
> > > > > >> PCI device :02:00.0 is in use by driver xenlight, domain 
> > > > > >> sys-usb
> > > > > >>
> > > > > >> I don't know how to copy the log folder over and qubes doesn't 
> > > > > >> have the wireless network, which I believe is related, but I've 
> > > > > >> attached a picture of the log.
> > > > > >>
> > > > > >> This is a new Qubes install on a new Acer laptop Aspire 
> > > > > >> A515-51-86AQ
> > > > > >> Booting in legacy mode.
> > > > > >>
> > > > > >> I can get into the main desktop and get to Dom0 terminal, but 
> > > > > >> can't launch any of the default domains.
> > > > > >>
> > > > > >> There is another thread on here with the same error. He ran:
> > > > > >> $ qvm-pci attach --persistent --option permissive=true --option 
> > > > > >> no-strict-reset=true sys-net dom0:00_XXX
> > > > > >>
> > > > > >> And it worked for him, but doesn't work for me, the response I get 
> > > > > >> is "error : backend vm "dom0" doesn't expose device "00.XXX"
> > > > > 
> > > > > The "XXX" in the PCI device should be filled in with your actual PCI 
> > > > > device.
> > > > > 
> > > > > >> So I wonder what "xenlight" is and it won't release what pci 
> > > > > >> device?
> > > > > 
> > > > > Just a library for interfacing with Xen. Unlikely to be the actual 
> > > > > problem.
> > > > > 
> > > > > >> Suggestions?
> > > > > >>
> > > > > >> Thanks,
> > > > > >> Patrick
> > > > > >
> > > > > > Pics attached here.
> > > > > 
> > > > > It would be the first time I've seen this, but it might perhaps be
> > > > > conceivable that changing BIOS settings caused your device to show up
> > > > > with a different BDF (essentially "PCI address") than when Qubes was
> > > > > installed? Use `lspci` in dom0 to enumerate them.
> > > > > 
> > > > > An easier way than doing this via the command line is to use the
> > > > > Devices tab of the Qubes VM Settings GUI - remove all devices then add
> > > > > the one which looks like your network device. You can also configure
> > > > > no-strict-reset via the button at the bottom of the GUI, which is
> > > > > sometimes necessary.
> > > > 
> > > > Thanks, I went to the work vm for example, and all of the devices were 
> > > > on the left side, nothing on the right, then I selected the wifi device 
> > > > and the response was "you've enabled dynamic memory balancing, some 
> > > > devices might not work!"
> > > > 
> > > > and, it won't let me apply that change, saying "Can't attach pci device 
> > > > to a VM in pvh mode"
> > > > 
> > > > Then I tried to issue your suggestion "$ qvm-pci attach --persistent 
> > > > --option permissive=true --option no-strict-reset=true sys-net 
> > > > dom02:00.0"which is my wireless device and the error response "no 
> > > > backend vm '02'"
> > > > 
> > > > 
> > > > I'm wondering if this is the right way to go or maybe just try a 
> > > > different installation route?
> > > > 
> > > > Thanks,
> > > > Patrick
> > > > 
> > > 
> > > There's a typo in your command:
> > > you have dom02:0

Re: [qubes-users] Re: Unable to reset PCI device 0000:02.00.0

2018-09-04 Thread Patrick
On Sunday, September 2, 2018 at 3:34:34 PM UTC-4, Jean-Philippe Ouellet wrote:
> On Sun, Sep 2, 2018 at 10:12 AM, Patrick Bouldin
>  wrote:
> > On Sunday, September 2, 2018 at 10:10:55 AM UTC-4, Patrick Bouldin wrote:
> >> Qubes 4.0 Error - "Start failed: Requested operation is not valid: PCI 
> >> device :02:00.0 is in use by driver xenlight, domain sys-usb
> >>
> >> I don't know how to copy the log folder over and qubes doesn't have the 
> >> wireless network, which I believe is related, but I've attached a picture 
> >> of the log.
> >>
> >> This is a new Qubes install on a new Acer laptop Aspire A515-51-86AQ
> >> Booting in legacy mode.
> >>
> >> I can get into the main desktop and get to Dom0 terminal, but can't launch 
> >> any of the default domains.
> >>
> >> There is another thread on here with the same error. He ran:
> >> $ qvm-pci attach --persistent --option permissive=true --option 
> >> no-strict-reset=true sys-net dom0:00_XXX
> >>
> >> And it worked for him, but doesn't work for me, the response I get is 
> >> "error : backend vm "dom0" doesn't expose device "00.XXX"
> 
> The "XXX" in the PCI device should be filled in with your actual PCI device.
> 
> >> So I wonder what "xenlight" is and it won't release what pci device?
> 
> Just a library for interfacing with Xen. Unlikely to be the actual problem.
> 
> >> Suggestions?
> >>
> >> Thanks,
> >> Patrick
> >
> > Pics attached here.
> 
> It would be the first time I've seen this, but it might perhaps be
> conceivable that changing BIOS settings caused your device to show up
> with a different BDF (essentially "PCI address") than when Qubes was
> installed? Use `lspci` in dom0 to enumerate them.
> 
> An easier way than doing this via the command line is to use the
> Devices tab of the Qubes VM Settings GUI - remove all devices then add
> the one which looks like your network device. You can also configure
> no-strict-reset via the button at the bottom of the GUI, which is
> sometimes necessary.

Wow you really know this stuff. Thanks to your advice I was able to piece it 
together. I confirmed as you said, then was able to start booting the VMs based 
on using PVM and removing all the device elements. I'm sure I've got a lot of 
experimenting to go but the basics are there with wireless.

Thanks so much,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/685cdfd7-bbb0-452f-ba5b-380e951157aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Unable to reset PCI device 0000:02.00.0

2018-09-03 Thread Patrick
On Monday, September 3, 2018 at 10:31:50 AM UTC-4, unman wrote:
> On Sun, Sep 02, 2018 at 03:56:46PM -0700, Patrick wrote:
> > On Sunday, September 2, 2018 at 3:34:34 PM UTC-4, Jean-Philippe Ouellet 
> > wrote:
> > > On Sun, Sep 2, 2018 at 10:12 AM, Patrick Bouldin
> > >  wrote:
> > > > On Sunday, September 2, 2018 at 10:10:55 AM UTC-4, Patrick Bouldin 
> > > > wrote:
> > > >> Qubes 4.0 Error - "Start failed: Requested operation is not valid: PCI 
> > > >> device :02:00.0 is in use by driver xenlight, domain sys-usb
> > > >>
> > > >> I don't know how to copy the log folder over and qubes doesn't have 
> > > >> the wireless network, which I believe is related, but I've attached a 
> > > >> picture of the log.
> > > >>
> > > >> This is a new Qubes install on a new Acer laptop Aspire A515-51-86AQ
> > > >> Booting in legacy mode.
> > > >>
> > > >> I can get into the main desktop and get to Dom0 terminal, but can't 
> > > >> launch any of the default domains.
> > > >>
> > > >> There is another thread on here with the same error. He ran:
> > > >> $ qvm-pci attach --persistent --option permissive=true --option 
> > > >> no-strict-reset=true sys-net dom0:00_XXX
> > > >>
> > > >> And it worked for him, but doesn't work for me, the response I get is 
> > > >> "error : backend vm "dom0" doesn't expose device "00.XXX"
> > > 
> > > The "XXX" in the PCI device should be filled in with your actual PCI 
> > > device.
> > > 
> > > >> So I wonder what "xenlight" is and it won't release what pci device?
> > > 
> > > Just a library for interfacing with Xen. Unlikely to be the actual 
> > > problem.
> > > 
> > > >> Suggestions?
> > > >>
> > > >> Thanks,
> > > >> Patrick
> > > >
> > > > Pics attached here.
> > > 
> > > It would be the first time I've seen this, but it might perhaps be
> > > conceivable that changing BIOS settings caused your device to show up
> > > with a different BDF (essentially "PCI address") than when Qubes was
> > > installed? Use `lspci` in dom0 to enumerate them.
> > > 
> > > An easier way than doing this via the command line is to use the
> > > Devices tab of the Qubes VM Settings GUI - remove all devices then add
> > > the one which looks like your network device. You can also configure
> > > no-strict-reset via the button at the bottom of the GUI, which is
> > > sometimes necessary.
> > 
> > Thanks, I went to the work vm for example, and all of the devices were on 
> > the left side, nothing on the right, then I selected the wifi device and 
> > the response was "you've enabled dynamic memory balancing, some devices 
> > might not work!"
> > 
> > and, it won't let me apply that change, saying "Can't attach pci device to 
> > a VM in pvh mode"
> > 
> > Then I tried to issue your suggestion "$ qvm-pci attach --persistent 
> > --option permissive=true --option no-strict-reset=true sys-net dom02:00.0"  
> >   which is my wireless device and the error response "no backend vm '02'"
> > 
> > 
> > I'm wondering if this is the right way to go or maybe just try a different 
> > installation route?
> > 
> > Thanks,
> > Patrick
> > 
> 
> There's a typo in your command:
> you have dom02:00.0 and the command should be dom0:02
> 
> The two messages you received can be fixed in the Qube settings window.
> You can change the VM mode on the Advanced pane - select HVM.
> There's a checkbox for memory balancing on the same pane , if that's
> needed. I habitually turn this off and set the memory/maxmem settings
> low. ymmv

Thanks, I'm feeling outgunned on this one. I really have no idea about what is 
truly going on - what's the root cause issue and why? What device is not 
resetting and why that matters, etc. etc.

Just to be clear. While I'm able to get into the Qubes desktop, and can get to 
dom0 terminal, none of the pre-configured VMs are coming up. If I simply do a 
start from the Dom0 qubes manager, on any VM, the same error comes up:

"Unable to reset PCI device :01:00.1: Internal error: active :01:00.0 
devices on bus with :01:00.1 not doing bus reset."

The log says:
"unable to release device /dev/loop0: No such device or address"

I have tried all your suggestions (HVM/mem checkbox/low mem), no change in 
result.

Based on this, what is going on in the first place? I feel if I can understand 
the root of it I stand a chance in solving. 

Thanks,

Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5abd8e2-8e59-4d1b-bc3c-2d7917a12c18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Unable to reset PCI device 0000:02.00.0

2018-09-02 Thread Patrick
On Sunday, September 2, 2018 at 3:34:34 PM UTC-4, Jean-Philippe Ouellet wrote:
> On Sun, Sep 2, 2018 at 10:12 AM, Patrick Bouldin
>  wrote:
> > On Sunday, September 2, 2018 at 10:10:55 AM UTC-4, Patrick Bouldin wrote:
> >> Qubes 4.0 Error - "Start failed: Requested operation is not valid: PCI 
> >> device :02:00.0 is in use by driver xenlight, domain sys-usb
> >>
> >> I don't know how to copy the log folder over and qubes doesn't have the 
> >> wireless network, which I believe is related, but I've attached a picture 
> >> of the log.
> >>
> >> This is a new Qubes install on a new Acer laptop Aspire A515-51-86AQ
> >> Booting in legacy mode.
> >>
> >> I can get into the main desktop and get to Dom0 terminal, but can't launch 
> >> any of the default domains.
> >>
> >> There is another thread on here with the same error. He ran:
> >> $ qvm-pci attach --persistent --option permissive=true --option 
> >> no-strict-reset=true sys-net dom0:00_XXX
> >>
> >> And it worked for him, but doesn't work for me, the response I get is 
> >> "error : backend vm "dom0" doesn't expose device "00.XXX"
> 
> The "XXX" in the PCI device should be filled in with your actual PCI device.
> 
> >> So I wonder what "xenlight" is and it won't release what pci device?
> 
> Just a library for interfacing with Xen. Unlikely to be the actual problem.
> 
> >> Suggestions?
> >>
> >> Thanks,
> >> Patrick
> >
> > Pics attached here.
> 
> It would be the first time I've seen this, but it might perhaps be
> conceivable that changing BIOS settings caused your device to show up
> with a different BDF (essentially "PCI address") than when Qubes was
> installed? Use `lspci` in dom0 to enumerate them.
> 
> An easier way than doing this via the command line is to use the
> Devices tab of the Qubes VM Settings GUI - remove all devices then add
> the one which looks like your network device. You can also configure
> no-strict-reset via the button at the bottom of the GUI, which is
> sometimes necessary.

Thanks, I went to the work vm for example, and all of the devices were on the 
left side, nothing on the right, then I selected the wifi device and the 
response was "you've enabled dynamic memory balancing, some devices might not 
work!"

and, it won't let me apply that change, saying "Can't attach pci device to a VM 
in pvh mode"

Then I tried to issue your suggestion "$ qvm-pci attach --persistent --option 
permissive=true --option no-strict-reset=true sys-net dom02:00.0"which is 
my wireless device and the error response "no backend vm '02'"


I'm wondering if this is the right way to go or maybe just try a different 
installation route?

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1e058d6-10ea-41cb-b689-24ddadf64fcb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Unable to reset PCI device 0000:02.00.0

2018-09-02 Thread Patrick Bouldin
Qubes 4.0 Error - "Start failed: Requested operation is not valid: PCI device 
:02:00.0 is in use by driver xenlight, domain sys-usb

I don't know how to copy the log folder over and qubes doesn't have the 
wireless network, which I believe is related, but I've attached a picture of 
the log. 

This is a new Qubes install on a new Acer laptop Aspire A515-51-86AQ
Booting in legacy mode.

I can get into the main desktop and get to Dom0 terminal, but can't launch any 
of the default domains.

There is another thread on here with the same error. He ran:
$ qvm-pci attach --persistent --option permissive=true --option 
no-strict-reset=true sys-net dom0:00_XXX

And it worked for him, but doesn't work for me, the response I get is "error : 
backend vm "dom0" doesn't expose device "00.XXX"

So I wonder what "xenlight" is and it won't release what pci device?

Suggestions?

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0db12c9b-92ec-4283-8b79-57f0bce92ae0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Whonix 14 - Updated, just lost Tor Browser for Whonix-dvm??

2018-08-29 Thread Patrick Schleizer
code9n:
> Same issue but when I try to update-torbrowser (or via Tor Browser 
> Downloader) the install fails because ttb's signature has expired.

Separate issue being discussed and answered here:

https://forums.whonix.org/t/update-torbrowser-key-expired/5782

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1635f116-bd79-e53b-494f-0f82d97c2562%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - Updated, just lost Tor Browser for Whonix-dvm??

2018-08-29 Thread Patrick Schleizer
All updates regarding this issue here:

https://forums.whonix.org/t/bug-tor-browser-missing-in-dispvm-tor-browser-missing-in-whonix-ws-14-templatevm/5712/4

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a82326c-dd83-1c70-f8f6-c3b43dc11979%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Whonix 14 - Updated, just lost Tor Browser for Whonix-dvm??

2018-08-29 Thread Patrick Schleizer
qubes-...@tutanota.com:
>The dvm should just get the Tor Browser from the whonix-ws-14-dvm same as 
>anon-whonix for example, right?

Yes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df8846be-ecba-74b2-b913-b88a784dbfd0%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Suggested order for loading Qubes 4.0?

2018-08-18 Thread Patrick Bouldin
On Friday, August 17, 2018 at 2:50:25 PM UTC-4, John S.Recdep wrote:
> On 08/17/2018 03:13 AM, 'awokd' via qubes-users wrote:
> > On Fri, August 17, 2018 6:03 am, Patrick Bouldin wrote:
> >> On Thursday, August 16, 2018 at 11:34:48 PM UTC-4, John S.Recdep wrote:
> >>
> >>> On 08/16/2018 04:25 AM, Patrick Bouldin wrote:
> >>>
> >>>> Hello, I got some great advice about having two hard drives since I
> >>>> want Windows on one drive and qubes on another. So I now have a good
> >>>> I7 laptop with two - 1/2 TB SSDs. I had in mind to load it this way,
> >>>> is the following correct?
> >>>>
> >>>> I'm starting with both SSDs empty, no OS on either.
> >>>>
> >>>>
> >>>> 1 Physically install both drives
> >>>>
> >>>>
> >>>> 2 Install Windows on disk 1 after booting to flash drive with windows
> >>>> ISO
> >>>>
> >>>>
> >>>> 3 Unplug windows based SSD drive just to be sure I'm on the right
> >>>> drive next
> >>>>
> >>>> 4 Boot to bios, modify bios to change 2nd SSD (to be Qubes) FROM
> >>>> Windows UEFI to other OS (correct?)
> >>>>
> >>>>
> >>>> 5 Boot to a flash drive loaded with the Qubes 4.0 install ISO
> >>>>
> >>>>
> >>>> This is the part I'm really not clear about, remember I'm working
> >>>> with two drives, booting to either the drive to windows or the drive
> >>>> to qubes. So, am I following the advice here?:
> >>>> https://www.qubes-os.org/doc/multiboot/
> >>>> - select custom layout, assign existing /boot partition as /boot,
> >>>> deselect the 'Format' option, continue with installation.
> >>>>
> >>>>
> >>>> Or, do I let Qubes install in automatic configuration and then
> >>>> manually modify the grub file?
> >>>>
> >>>>
> >>>> Thanks,
> >>>> Patrick
> >>>>
> >>>>
> >>>
> >>> Sounds like what I did/do   with windows 10 ; since it doesn't involve
> >>> Grub ,  probably won't be a problem ..
> >>>
> >>>
> >>> In my case however,  the uefi, I believe doesn't label the drive with
> >>> the  drive name, but changes it to  "windows" or "qubes" , which concerns
> >>> me , as I think it incorrect, I think that may be how uefi works  ymmv,
> >>> why not try it
> >>>
> >>> what is a "windows uefi" ? looks to me like
> >>> https://www.qubes-os.org/doc/multiboot
> >>>
> >>>
> >>> doesn't apply to you, its for single disk dual booting
> >>
> >> Hi John and thanks. I agree but I think after I install qubes then I will
> >> need to delay the grub screen in order to be able to choose either Win 10
> >> or Qubes. And I think I have to somehow tell qubes to look for the
> >> windows drive and then allow to choose it...  Anyway you're right, I
> >> think once I have them both loaded I hope to figure it out.
> > 
> > UEFI uses an EFI partition on one of your drives, so if you pull the
> > Windows drive it might get confused. You can try it, but if you have
> > problems might want to re-install with legacy/grub boot for both OSes.
> > 
> > 
> 
> I don't think Grub has to be involved at all, you just change  the boot
> order in  the  Bios-Uefi
> 
> If it doesn't work pulling the drive,  just leave it, When I put either
> win10 or Q4.0   , there is no Grub choice  being asked

Thanks to you both.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a599a74-12ec-43cd-a091-155bf7f91e5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Suggested order for loading Qubes 4.0?

2018-08-17 Thread Patrick Bouldin
On Thursday, August 16, 2018 at 11:34:48 PM UTC-4, John S.Recdep wrote:
> On 08/16/2018 04:25 AM, Patrick Bouldin wrote:
> > Hello, I got some great advice about having two hard drives since I want 
> > Windows on one drive and qubes on another. So I now have a good I7 laptop 
> > with two - 1/2 TB SSDs. I had in mind to load it this way, is the following 
> > correct?
> > 
> > I'm starting with both SSDs empty, no OS on either.
> > 
> > 1 Physically install both drives
> > 
> > 2 Install Windows on disk 1 after booting to flash drive with windows ISO
> > 
> > 3 Unplug windows based SSD drive just to be sure I'm on the right drive next
> > 
> > 4 Boot to bios, modify bios to change 2nd SSD (to be Qubes) FROM Windows 
> > UEFI to other OS (correct?)
> > 
> > 5 Boot to a flash drive loaded with the Qubes 4.0 install ISO 
> > 
> > This is the part I'm really not clear about, remember I'm working with two 
> > drives, booting to either the drive to windows or the drive to qubes. So, 
> > am I following the advice here?: https://www.qubes-os.org/doc/multiboot/
> >   - select custom layout, assign existing /boot partition as /boot, 
> > deselect the 
> > 'Format' option, continue with installation.   
> > 
> > Or, do I let Qubes install in automatic configuration and then manually 
> > modify the grub file?
> > 
> > 
> > Thanks,
> > Patrick
> > 
> 
> Sounds like what I did/do   with windows 10 ; since it doesn't involve
> Grub ,  probably won't be a problem ..
> 
> In my case however,  the uefi, I believe doesn't label the drive with
> the  drive name, but changes it to  "windows" or "qubes" , which
> concerns me , as I think it incorrect, I think that may be how uefi
> works  ymmv,  why not try it
> 
> what is a "windows uefi" ?
> looks to me like
> https://www.qubes-os.org/doc/multiboot
> 
> doesn't apply to you, its for single disk dual booting

Hi John and thanks. I agree but I think after I install qubes then I will need 
to delay the grub screen in order to be able to choose either Win 10 or Qubes. 
And I think I have to somehow tell qubes to look for the windows drive and then 
allow to choose it...  Anyway you're right, I think once I have them both 
loaded I hope to figure it out.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89bad39d-924e-4ba8-81a4-bdc7fd92f10d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Confused about verifying signatures

2018-08-16 Thread Patrick Bouldin
On Thursday, August 16, 2018 at 6:43:50 PM UTC-4, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2018-08-16 17:35, Andrew David Wong wrote:
> > On 2018-08-16 15:47, Patrick Bouldin wrote:
> >> Hi trying to validate 4.0. I downloaded the 
> >> qubes-master-signing-key.asc and then not able to progress. I did 
> >> find Joanna's qubes master signing key footprint, but I don't know 
> >> how to compare or take the next step...
> > 
> >> I did this with 3.0 a few years ago but can't remember...
> > 
> >> I did check the web site and still don't know.
> > 
> >> Thanks.
> > 
> > 
> > If you just want to see the fingerprint of the key you downloaded as a
> > file so that you can compare it to the fingerprint you obtained
> > through another channel, this is probably the simplest way:
> > 
> >   $ gpg2 qubes-master-signing-key.asc
> >   gpg: WARNING: no command supplied.  Trying to guess what you mean ...
> >   pub   rsa4096 2010-04-01 [SC]
> > 427F11FD0FAA4B080123F01CDDFA1A3E36879494
> >   uid   Qubes Master Signing Key
> > 
> 
> If you're using gpg instead of gpg2, there's the --with-fingerprint
> option:
> 
>   $ gpg --with-fingerprint qubes-master-signing-key.asc 
>   gpg: keyring `/home/user/.gnupg/secring.gpg' created
>   pub  4096R/36879494 2010-04-01 Qubes Master Signing Key
>   Key fingerprint = 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlt1/gQACgkQ203TvDlQ
> MDASEA//a1TzjaaAPwNS12GHWollY2WGqpSK7RZNEsHkBSJYPTaNayqOHXx2yzQ2
> Re5uPgpHofCYxNx96VhKFDE9rIo17ozrLrr+ZywESDn5GoIzM7BtUaKTR5GQWZx1
> E9vALH50GtNJAdb/SumOcdsDxrDj139wjcAuypWBDXK6lxF2hR/nDr7RZMxvfwTF
> uixM4LP7zhwOafLAbhXsa9wyu6ZsooTicdiSit+iQPk15oxLGjUSncQcIYuRLdvX
> yLht5/2ZPST1Jm9HyEEwOllMN4eFrMAc/StHhVxPWlUiqtr3xMki3IWZV+xi8sMh
> Ri0HmASNzLn4JwNQnPFQqnT+Z4Im8tiH24w/T8eHhP2hLo8tEfd5aq26xl0NoRbU
> Hcc69XXjzITQIi2d7YZHgtNgrml8zCjTRF+9p14cLyFFl2ISJsEZeus/egQWE6Rv
> aRMR+IPDG8HqCWepV+Y/of3lb+uqd7SBVJdcRavf/Jrlf/9AOeCRDUteTGsiJE14
> U9FksIiiZRclcHR+NFeZSbINvwlwNx2tO7o7YcbBxmqPMzsg20gHYfuI3GAnMY/R
> yHX52v6sXcM/4Y08TrTTHV1l+/EPUOnOb3adaIejNyEiHB5WiQ3fgoEwpX3GkKTb
> iCt4TJJKo6KRSG2EzMMLH0s69gGphqLtgC5+zEQg4X7NWpFzWX4=
> =cBsO
> -END PGP SIGNATURE-

Thanks and a quick question. I did get a final "Good signature", but curious, 
does that process actually modify the iso at all? Just would like to know 
because I pulled the iso file from my other pc and it will be easier to build 
the flash there.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8b5b5988-ee3d-43ab-a229-e1a2d176e27f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Suggested order for loading Qubes 4.0?

2018-08-16 Thread Patrick Bouldin
Hello, I got some great advice about having two hard drives since I want 
Windows on one drive and qubes on another. So I now have a good I7 laptop with 
two - 1/2 TB SSDs. I had in mind to load it this way, is the following correct?

I'm starting with both SSDs empty, no OS on either.

1 Physically install both drives

2 Install Windows on disk 1 after booting to flash drive with windows ISO

3 Unplug windows based SSD drive just to be sure I'm on the right drive next

4 Boot to bios, modify bios to change 2nd SSD (to be Qubes) FROM Windows UEFI 
to other OS (correct?)

5 Boot to a flash drive loaded with the Qubes 4.0 install ISO 

This is the part I'm really not clear about, remember I'm working with two 
drives, booting to either the drive to windows or the drive to qubes. So, am I 
following the advice here?: https://www.qubes-os.org/doc/multiboot/
  - select custom layout, assign existing /boot partition as /boot, deselect 
the 
'Format' option, continue with installation.   

Or, do I let Qubes install in automatic configuration and then manually modify 
the grub file?


Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f2522966-130c-4bec-9f78-2dcb54b58d4e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-16 Thread Patrick Schleizer
qubes-...@tutanota.com:
> Hi Patrick, should one switch the Qubes Tor networking backed normally by the 
> sys-whonix to newly created sys-whonix-backup? It make sense to 
> update/upgrade whonix through Tor.
> thx

If you manage to do that, sure.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c03beeec-6dcc-1a22-f952-2d229bb4a735%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-15 Thread Patrick Schleizer
Franz:
> On Tue, Aug 14, 2018 at 1:55 PM, Patrick Schleizer <
> patrick-mailingli...@whonix.org> wrote:
> 
>> Franz:
>>> when I try to uninstall whonix-ws
>>>
>>> sudo dnf remove qubes-template-whonix-ws*
>>>
>>> I get
>>> No match for argument: qubes-template-whonix-ws*
>>> Error: No packages marked for removal
>>>
>>> I followed this guide: https://www.whonix.org/wiki/Qubes/Uninstall
>>>
>>
>>
>> Output of...?
>>
>> dnf list | grep qubes-template-whonix
>>
> 
> 
> No output and no error. I forgot to mention I am using 3.2
> 

Output of...?

qvm-ls | grep whonix

Well, if didn't have Whonix installed yet/anymore then there is nothing
to uninstall. All ok then.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf132bc8-e8bb-2e35-f052-6abbce1a196a%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - Updated, just lost Tor Browser for Whonix-dvm??

2018-08-15 Thread Patrick Schleizer
Please contribute here:

https://www.whonix.org/wiki/Qubes/Disposable_VM

sm...@tutamail.com:
> I just transitioned to the new Whonix 14 templates, everything was working 
> great however I just updated both the -gw and -ws templates and lost the Tor 
> Browser(AnonDist) from the whonix-ws-14-dvm after update? When I launch a 
> "whonix-ws-14-dvm" browser I get a pop-up asking: "Tor Browser not 
> installed/Start Tor Browser download?".

Will look into it.

> The problem I am having is:
> 1) The "whonix-ws-14-dvm" starts but no gnome terminal launches?

Doesn't have gnome-terminal. Use:

konsole

> 2) Since whonix doesn't use "Firefox" what would I type to launch the "Tor 
> Browser"? Assuming I eventually get a gnome terminal to launch

torbrowser

> 3) How do I install the Tor Browser safely into either the template or -dvm?

Installed by default.

https://www.whonix.org/wiki/Tor_Browser#In_Qubes-Whonix

> Other notes:
> - I created an AppVM using the updated "whonix-ws-14" template, received a 
> popup that "Tor Browser" is not installed, installed the oldest browser per 
> the recommendation on the pop-up, however after installing another pop-up 
> states: "Signature looks quite old already...check signature looks sane".

https://www.whonix.org/wiki/Tor_Browser#Installation_Confirmation_Notification

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/baad6309-50f7-3d8f-10c2-212a021d9dcd%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] please stay tuned on Whonix news

2018-08-15 Thread Patrick Schleizer
It is important to read the latest Whonix news to stay in touch with
ongoing developments. This way users benefit from notifications
concerning important security vulnerabilities and improved releases
which address identified issues, like those affecting the updater or
other core elements.

Read more:
https://www.whonix.org/wiki/Stay_Tuned

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6cf495d-79e8-003f-5945-bd232b69aa83%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Guide: Monero wallet/daemon isolation w/qubes+whonix

2018-08-15 Thread Patrick Schleizer
https://getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html
is missing how to actually use it.

I guess it is simply: run `monero-wallet-cli` or monero gui in
monero-wallet-ws."

0xB44EFD8751077F97:
> Patrick Schleizer:
>> I didn't notice this thread until now.
>>
>> Interesting!
>>
>> Now reference here:
>> https://www.whonix.org/wiki/Monero
>>
>>
>> I am wondering how to save users from as many manual steps as possible.
>>
>>
>> To save users from having to edit /rw/config/rc.local...
>>
>>> socat TCP-LISTEN:18081,fork,bind=127.0.0.1 EXEC:"qrexec-client-vm
>> monerod-ws user.monerod"
>>
>> Could maybe replaced by file:
>>
>> /etc/anon-ws-disable-stacked-tor.d/40_monero.conf
>>
>> content:
>>
>> $pre_command socat TCP-LISTEN:18081,fork,bind=127.0.0.1
>> EXEC:"qrexec-client-vm monerod-ws user.monerod"
>>
>> Should work after reboot (or after "sudo systemctl restart
>> anon-ws-disable-stacked-tor").
>>
>> Untested.
>>
>> Reference:
>> https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/etc/anon-ws-disable-stacked-tor.d/30_anon-dist.conf
>>
> 
> Tested, works on Whonix 14/Qubes 4.0.
> 
> Would you consider shipping this as a default Whonix file, or maybe part
> of a package?

In package https://github.com/Whonix/qubes-whonix when using socket
activation, yes.

Similar to:

-
https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/lib/systemd/system/anon-ws-disable-stacked-tor_autogen_port_9050.socket

-
https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/lib/systemd/system/anon-ws-disable-stacked-tor_autogen_port_9050.service

File name should not contain "anon-ws-disable-stacked-tor" / "autogen".

File names...?

/lib/systemd/system/qubes-whonix-monerod.socket
/lib/systemd/system/qubes-whonix-monerod.service

Replace "ExecStart=/lib/systemd/systemd-socket-proxyd 10.152.152.10:9050"

with:

socat TCP-LISTEN:18081,fork,bind=127.0.0.1 EXEC:"qrexec-client-vm
monerod-ws user.monerod"

Untested. Does that work?

Would this break monerod for users not using this Monero wallet/daemon
isolation? I mean, does monerod use local port 18081 by default? In that
case we'd need to change that port.

> If not, the user will have to put this on the TemplateVM
> or config bind-dirs; which are both additional steps.
>>
>>
>> /etc/qubes-rpc/policy/user.monerod could maybe become:
>> /etc/qubes-rpc/policy/whonix.monerod
>>
>> To have users from manually creating it, could be dropped here:
>>
>> https://github.com/QubesOS/qubes-core-admin-addon-whonix/tree/master/qubes-rpc-policy
>>
>> If you like, create a pull request and see what Marek thinks.
>>
> 
> This would be useful. It's on my radar.
> 
>>
>>
>> /home/user/monerod.service would be better in /rw so only root can write
>> to it. Even better perhaps systemd user services?
>>
>> https://www.brendanlong.com/systemd-user-services-are-amazing.html
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820111
>>
>>
> 
> Interesting, I didn't know about this. I don't see how moving the file
> from /home/user/ to /home/user/.config/systemd/user is more secure,
> though.

> I think moving it to /rw may be slightly better, but
> passwordless sudo kind of negates that.

Indeed only useful for users of these:

- https://www.qubes-os.org/doc/vm-sudo/
- https://github.com/tasket/Qubes-VM-hardening

Qubes-VM-hardening will be easily available one day probably.

https://github.com/QubesOS/qubes-issues/issues/2748

I guess password protected sudo will get more and more easy in Qubes so
very much worth going for proper access rights.

> The best would be to put it on the TemplateVM in /lib/systemd/system/,
> but, again, this is more steps for the user.
> 
> In regards to monero being in stretch-backports now, I think it might be
> an equal number of steps or more than there is now, and more confusing
> for the user, to add stretch-backports to the TemplateVM's sources and
> install via apt. If it were in stretch this would be no question.
> 

And only monerod is in Debian. monero gui is not.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66b6ac66-17dc-64a2-b547-54246de0c46b%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS dual boot question

2018-08-14 Thread Patrick Bouldin
On Monday, August 13, 2018 at 4:17:31 PM UTC-4, Patrick Bouldin wrote:
> I have a goal to buy a new laptop, preconfigured with Windows, and then 
> within Windows I will reallocate disk space in order to install Qubes4.0.
> 
> In the past with prior versions of Qubes that has sometimes been problematic, 
> is that fixed with 4.0 or still a problem?
> 
> Any input on how to proceed?
> 
> One data point, while I can recreate windows it's a pain in the butt to get 
> the licensing back on the machine. I can do it, but would like to avoid it.
> 
> Thanks,
> Patrick

Hello, Sphere - apologies, I didn't recognize the help you were giving me was 
tactually a better approach than dual boot. Thanks for that. Also, I just have 
to find the details on how I'd approach that solution. If I get a laptop that's 
preloaded with the SSD+HDD already then I would need to unwind that. Perhaps 
should just by something that has the SSD already, and add the HDD - but then I 
need to find the details on how to boot to either one.

Thanks again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4857e886-6b24-4353-a527-8d996c174166%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-14 Thread Patrick Schleizer
This is completely untested. Let me know what you think and if this
works for you.

* A backup of all Qubes VMs using the usual Qubes backup mechanism
(independent from below) is advisable anyhow.

* One who mind about their contents could clone their sys-whonix to
sys-whonix-backup and clone their anon-whonix to anon-whonix-backup.
Those who don't mind about their contents probably don't have this issue
anyhow?

* Then delete anon-whonix and sys-whonix.

* Then proceed as per https://www.whonix.org/wiki/Qubes/Install

* Then delete the newly created sys-whonix / anon-whonix.

* Clone sys-whonix-backup to sys-whonix.

* Clone anon-whonix-backup to anon-whonix.

* Finally delete superfluous sys-whonix-backup / anon-whonix-backup.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c99cf0c7-5fcd-f75c-cc61-3cb8ebf5a703%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-14 Thread Patrick Schleizer
Thank you for looking into this!

Chris Laprise:
> It was a bit confusing, but from the wiki Install page I picked out
> these relevant steps for dom0 (Qubes 4.0):
> 
> $ sudo qubes-dom0-update qubes-core-admin-addon-whonix
> $ sudo qubesctl state.sls qvm.anon-whonix
> 
> The second command will start the download and install, although it does
> not give much feedback.

Created 'add salt download progress indicator' #4215
https://github.com/QubesOS/qubes-issues/issues/4215
for it.

> Also, there is no need to clone old whonix-gw in the steps I mentioned
> earlier;

Why not?

> Also, there is no need to clone old whonix-gw in the steps I mentioned
> earlier; only whonix-ws is needed. Once you have your appVMs switched
> over to whonix-ws-14 you can delete the clone.

Why needs whonix-ws to be cloned anyhow if you like to install from
Qubes repository?

whonix-ws should be ignored by salt since the template name changed to
whonix-ws-14?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/baac5869-ed98-03ea-e31b-8e155273a2ed%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Guide: Monero wallet/daemon isolation w/qubes+whonix

2018-08-14 Thread Patrick Schleizer
I didn't notice this thread until now.

Interesting!

Now reference here:
https://www.whonix.org/wiki/Monero


I am wondering how to save users from as many manual steps as possible.


To save users from having to edit /rw/config/rc.local...

> socat TCP-LISTEN:18081,fork,bind=127.0.0.1 EXEC:"qrexec-client-vm
monerod-ws user.monerod"

Could maybe replaced by file:

/etc/anon-ws-disable-stacked-tor.d/40_monero.conf

content:

$pre_command socat TCP-LISTEN:18081,fork,bind=127.0.0.1
EXEC:"qrexec-client-vm monerod-ws user.monerod"

Should work after reboot (or after "sudo systemctl restart
anon-ws-disable-stacked-tor").

Untested.

Reference:
https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/etc/anon-ws-disable-stacked-tor.d/30_anon-dist.conf



/etc/qubes-rpc/policy/user.monerod could maybe become:
/etc/qubes-rpc/policy/whonix.monerod

To have users from manually creating it, could be dropped here:

https://github.com/QubesOS/qubes-core-admin-addon-whonix/tree/master/qubes-rpc-policy

If you like, create a pull request and see what Marek thinks.



/home/user/monerod.service would be better in /rw so only root can write
to it. Even better perhaps systemd user services?

https://www.brendanlong.com/systemd-user-services-are-amazing.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820111

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8ae85ac-5c08-fb3c-83a9-0cf752847cff%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Whonix 14 installation problem...using 4.0?

2018-08-14 Thread Patrick Schleizer
sm...@tutamail.com:
> Not sure it was happening in the background but waited for 1 1/2 hrs
with no feedback after the "sudo qubesctl state.sls qvm.anon-whonix"
command in Dom0.

Created...

add salt download progress indicator #4215
https://github.com/QubesOS/qubes-issues/issues/4215

... for it.

> Regardless I have it running...thanks Whonix/Qubes!
>

Thanks! :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92c05694-d2c1-8574-ffb3-5b8039aedfd0%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-14 Thread Patrick Schleizer
Andrew David Wong:
> On 2018-08-12 14:26, 'awokd' via qubes-users wrote:
>> On Sun, August 12, 2018 6:16 pm, qubes-...@tutanota.com wrote:
>>> I am planning to move from my Whonix 13 to Whonix 14 on Qubes. My
>>> question is what way it should be easier, based on the Q user
>>> experiences. What would you propose - upgrade or re-install? Are
>>> there any known issues which would call for one or other way?
>
>> Re-install is usually easier.
>
>>> I have few VMs based on the Whonix template with data and
>>> settings on it. Will the contents of these VMs remain, or will
>>> it be destroyed - re-install vs upgrade?
>
>> Contents should remain, just set them to the new Whonix template.
>> Make sure to back up everything first.
>
>
> The installation guide [1] states:
>
> "Re-installation will destroy any existing user data stored in Whonix
> VMs, unless it is backed up first. To avoid this scenario, it is
> possible to upgrade Whonix 13 to 14 instead of following these
> instructions."
>
> This was puzzling to me, too, since TemplateVM upgrades usually don't
> affect user data in TemplateBasedVMs. Could you shed some light on
> this, Patrick?
>
> [1] https://www.whonix.org/wiki/Qubes/Install

I see. Indeed it is not clear from the text alone without jumping over
to the reference and other links.

https://www.whonix.org/wiki/Qubes/Install links to
https://www.whonix.org/wiki/Qubes/Uninstall which suggests to get rid of
Whonix entirely (whonix-gw, whonix-ws TemplateVM, sys-whonix,
anon-whonix) before proceeding. Therefore all data gets lost unless
backup exists. Otherwise reinstall using salt would not be possible and
manual reinstall is too difficult (too much room for user error).

This is due to a hard to solve issue with Qubes salt:

https://github.com/QubesOS/qubes-issues/issues/4177

Help welcome with these salt issues as well as other salt issues (or any
Whonix issue):

https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+is%3Aopen+label%3A%22C%3A+Whonix%22

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ebac22b8-1ec2-120b-b057-f1154cb8f0bd%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-14 Thread Patrick Schleizer
Franz:
> when I try to uninstall whonix-ws
> 
> sudo dnf remove qubes-template-whonix-ws*
> 
> I get
> No match for argument: qubes-template-whonix-ws*
> Error: No packages marked for removal
> 
> I followed this guide: https://www.whonix.org/wiki/Qubes/Uninstall
> 


Output of...?

dnf list | grep qubes-template-whonix

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/be202356-226e-683a-95fc-4406279a7683%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS dual boot question

2018-08-13 Thread Patrick Bouldin

> If you really want to insist on dual boot however, sad to say but I can't 
> help you with that.

Ok, thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/742a56a5-e62a-49c8-ad45-621fe69a90ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Qubes OS dual boot question

2018-08-13 Thread Patrick Bouldin
I have a goal to buy a new laptop, preconfigured with Windows, and then within 
Windows I will reallocate disk space in order to install Qubes4.0.

In the past with prior versions of Qubes that has sometimes been problematic, 
is that fixed with 4.0 or still a problem?

Any input on how to proceed?

One data point, while I can recreate windows it's a pain in the butt to get the 
licensing back on the machine. I can do it, but would like to avoid it.

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33514bf2-7c0f-4a0a-8534-f187921c4c67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Stable Template list 06/2018? eg whonix 14

2018-08-07 Thread Patrick Schleizer
How to know when new Whonix versions are out?

https://www.whonix.org/wiki/Stay_Tuned

Also posted subject "Whonix 14 has been Released" on this list yesterday.

Not sure how we can do better.

notify Whonix 14 release on qubes-announce

https://github.com/QubesOS/qubes-issues/issues/4193

799:
> Hello,
> 
>  schrieb am So., 3. Juni 2018, 09:47:
> 
>> 2. Jun 2018 23:54 by qubes-users@googlegroups.com:
>>
>> Is there a list of Stable Templates somewhere ,
>>
>>  https://www.whonix.org/wiki/Upgrading_Whonix_13_to_Whonix_14

Was testers-only by that time. By that time, that wiki page indicated
that. Released stable yesterday.

> I assume that we will see a Whonix 14 template in the "official qubes
> repository" soon, correct?
> 
> Or do we really need to manually upgrade from Whonix 13?

https://www.whonix.org/wiki/Qubes/Install

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/131fdf9b-5281-f7b8-b0ee-6a4b338f2ebb%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix ERROR: Systemd Clock Check Result: Unexpected results by timedatectl

2018-08-07 Thread Patrick Schleizer
> Unexpected results by timedatectl

- Please enter error messages into search engines

"Unexpected results by timedatectl"

Then often find already existing discussions.

https://github.com/QubesOS/qubes-issues/issues/3469

- Upgrade to Whonix 14 - fixed there.

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/843c8f55-4f54-0c84-0f4f-9a5ec9b477be%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Delete whonix and install again

2018-08-07 Thread Patrick Schleizer
'Andrzej Andrzej' via qubes-users:
> Very funny: D I've already solved the problem. I did not notice one thing. In 
> qvm-prefs whonix, I need to give False in option installed_by_rpm
> 

Just now reported a bug.

when restoring a VM from backup, don't restore setting installed_by_rpm

https://github.com/QubesOS/qubes-issues/issues/4192

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b7b74bb-b729-dd3e-db0b-bb9affae1a24%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] sys-whonix-14 won't 'bootstrap' hangs @ 25-40% etc

2018-08-07 Thread Patrick Schleizer
none:
> I've noticed that sys-whonix-14  appears to fail after
> suspend and resume . is this a known issue?

Depends on exact terminology. Suspend or pause?

Does
https://www.whonix.org/wiki/Post_Install_Advice#Network_Time_Syncing
clarify?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa20b1e1-e2e5-8d2a-ef78-75137fd15842%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] whonix clock sync error on boot

2018-08-07 Thread Patrick Schleizer
cooloutac:
> anyone else getting Unexpected results by timedatectl message from sys-whonix 
> when booting Qubes?
> 
> Tried updating doesn't seem to be going away.
> 

> Unexpected results by timedatectl

- Please enter error messages into search engines

"Unexpected results by timedatectl"

Then often find already existing discussions.

https://github.com/QubesOS/qubes-issues/issues/3469

- Upgrade to Whonix 14 - fixed there.

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad8f0ada-336d-9382-b468-c9539939949d%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] whonix doesnt sync time -> mfa totp oathtool not working?

2018-08-07 Thread Patrick Schleizer
qubes-...@tutanota.com:
> Hi, I experience an issue with the mfa oathtool totp. 
Application similar to google authenticator?

Whonix's sdwdate might not be accurate enough for it.

Can you use that tool offline? Doing such code generation you're much
better off doing this in a non-Whonix offline (vault) VM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b757e7eb-32ab-2041-2bfb-e7beb6f9b65d%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix and problem with Proxy Policy

2018-08-07 Thread Patrick Schleizer
Let salt do it for you.

Refer to:

https://www.whonix.org/wiki/Qubes/Install

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e7d8eb3-3ae3-d785-3635-db3d8489bbab%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to change TemplateVM update method from Whonix to just another appvm?

2018-08-07 Thread Patrick Schleizer
Sphere:
> So upon installation of Qubes I have set updating of TemplateVMs through 
> Whonix but now I'm actually stuck with it and I want to change it to updating 
> through just another AppVM.
> 
> Could anyone guide me to what commands I need to use in order to fix this? (I 
> actually wish this was an option in Qubes settings UI as well)
> 

Qubes R4?

modify:

/etc/qubes-rpc/policy/qubes.UpdatesProxy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b28346f-8d99-1289-127a-93586110ac81%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Confusing whonix check error

2018-08-07 Thread Patrick Schleizer
ray242012:
> Unexpected results by timedatectl

- Please enter error messages into search engines

"Unexpected results by timedatectl"

Then often find already existing discussions.

https://github.com/QubesOS/qubes-issues/issues/3469

- Upgrade to Whonix 14 - fixed there.

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/43826bab-b04d-80dc-235c-44f966a8412f%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 has been Released

2018-08-07 Thread Patrick Schleizer
Franz:
> Many thanks, so, following this link, the command
> 
> sudo qubesctl state.sls qvm.anon-whonix
> 
>  should download Whonix 14, correct?
> 
> But the same link tells that this would download templates whonix-gw and
> whonix-ws. But these are the same names of the old templates. So am I
> expected to rename the old templates before calling the above command?
> 

Hi,

thanks!

Please refer to:
https://www.whonix.org/wiki/Qubes/Install

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7e1b391-e085-e274-95ce-eca5fb994634%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Whonix 14 has been Released

2018-08-07 Thread Patrick Schleizer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

After more than two years of development, the Whonix Project is proud
to announce the release of Whonix 14.

Whonix 14 is based on the Debian stretch (Debian 9) distribution which
was released in June 2017. This means users have access to many new
software packages in concert with existing packages such as a modern
branch of GNuPG, and more. [1][2][3]

**Major Changes and New Features**

Whonix 14 contains extensive security and usability improvements, new
features and bug fixes. For a detailed description of these and other
changes, please refer to the official release notes. [4]

* Rebased Whonix on **Debian stretch** (Debian 9).
* Whonix 14 is **64-bit** (amd64) only - 32-bit (i386) images will no
longer be built and made available for download. [5]
* The new **Anon Connection Wizard** [6] feature in Whonix simplifies
connections to the Tor network via a Tor bridge and/or a proxy.
* The Tor pluggable transport **meek_lite** [7] is now supported,
making it much easier to connect to the Tor network in heavily
censored areas, like China. [8]
* **Onioncircuits** are installed by default in Whonix. [9]
* Tails' **onion-grater** program has been implemented to enable
**OnionShare, Ricochet and Zeronet** compatibility with Whonix. [10]
* **Onion sources** are now preferred for Whonix updates/upgrades for
greater security.
* Reduced the size of the default, binary Whonix images by
approximately **35 per cent** using zerofree. [11] [12]
* **Updated Tor** to version 3.3.7 (stable) release to enable full v3
onion functionality for both hosting of onion services and access to
v3 onion addresses in Tor Browser.
* Created the **grub-live package** [13] which can run Whonix as a
**live system** on non-Qubes-Whonix platforms. [14]
* Corrected and hardened various **AppArmor profiles** to ensure the
correct functioning of Tor Browser, obfsproxy and other applications.


**Known Issues**

* Desktop shortcuts are no longer available in non-Qubes-Whonix.
* OnionShare is not installed by default in Whonix 14 as it is not in
the stretch repository. [15] It can still be manually installed by
following the Whonix wiki instructions [16] or building it from source
code. [17]
* Enabling seccomp (Sandbox 1) in /usr/local/etc/torrc.d/50_user.conf
causes the Tor process to crash if a Tor version lower than 0.3.3 is
used. [18] [19]


While there may be other issues that exist in this declared stable
release, every effort has been made to address major known problems.

Please report any other issues to us in the forums, after first
searching for whether it is already known.

  https://www.whonix.org/wiki/Known_Issues

**Download Whonix 14**

Whonix is cross-platform and can be installed on the Windows, macOS,
Linux or Qubes operating systems. Choose your operating system from
the link below and follow the instructions to install it.

  https://www.whonix.org/download/

**Upgrade to Whonix 14**

Current Whonix users (or those with 32-bit hardware) who would prefer
to upgrade their existing Whonix 13 platform should follow the upgrade
instructions below.

  https://whonix.org/wiki/Upgrading_Whonix_13_to_Whonix_14

**What’s Next?**

Work on Whonix 15 is ongoing and interested users can refer to the
roadmap to see where Whonix is heading. [20]

Developer priorities are currently focused on easing the transition to
the next Debian release due in 2019 (“buster”; Debian 10) and
squashing existing bugs, rather than implementing new features.

We need your help and there are various ways to contribute to Whonix -
donating or investing your time will help the project immensely. Come
and talk with us! [21]

**References**

[1] https://www.debian.org/News/2017/20170617
[2] https://www.debian.org/releases/stable/amd64/release-notes/
[3] https://www.debian.org/releases/stable/i386/release-notes/
[4] https://whonix.org/wiki/Whonix_Release_Notes#Whonix_14
[5] Whonix 13 users with 32-bit systems can however upgrade their
platform by following the available wiki instructions, rather than
download new Whonix-WS and Whonix-GW images.
[6] https://whonix.org/wiki/Anon_Connection_Wizard
[7] https://www.whonix.org/blog/meek_lite-whonix-14
[8]
https://github.com/Yawning/obfs4/commit/611205be681322883a4d73dd00fcb13c
4352fe53
[9] https://packages.debian.org/stretch/onioncircuits
[10] https://phabricator.whonix.org/T657
[11] https://phabricator.whonix.org/T790
[12] VirtualBox .ova and libvirt qcow2 raw images. The Whonix-Gateway
is reduced from 1.7 GB to 1.1 GB, while the Whonix-Workstation is
reduced from 2 GB to 1.3 GB.
[13] https://whonix.org/wiki/Whonix_Live
[14] grub-live is optional and requires the user to first enable it
manually.
[15] https://packages.debian.org/search?searchon=names=onionsha
re
[16] https://whonix.org/wiki/Onionshare
[17] https://github.com/micahflee/onionshare/blob/master/BUILD.md#gnulin
ux
[18] https://trac.torproject.org/projects/tor/ticket/22605
[19] 

Re: [qubes-users] Can't get qvm-run to work

2018-03-21 Thread Patrick Bouldin
Thank you all, working now. :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50a61b6a-55da-465c-b1da-5fb264bc5d35%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Can't get qvm-run to work

2018-03-21 Thread Patrick Bouldin
Hello,

I'm simply trying to copy a file to dom0 form work  ~/Downloads/

Can someone please tell me the precise letters to use if the filename was 
qvm-screenshot-to-clipboard.sh and I want to put it in dom0 ~/Downloads/

Here is the instruction in the manual:
qvm-run --pass-io  'cat /path/to/file_in_src_domain' > 
/path/to/file_name_in_dom0

I get permission denied and tried sudo, etc.

Thought it would be:

qvm-run --pass-io work ~/Downloads/qvm-screenshot-to-clipboard.sh > 
/home/mandoguy/qvm-screenshot-to-clipboard.sh


Wish the documentation had real examples.

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/39057950-b062-4fff-9e92-3717a2df5673%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] port filtering using Qubes firewall?

2018-02-05 Thread Patrick Schleizer
https://www.qubes-os.org/doc/firewall/

Is it possible to use "any" as address?

In other words, is it possible to do simple port filtering? As in block
port XX or allow port YY only?

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2cb05067-1cd4-4d5a--0dd71e7b9069%40whonix.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] VM's fail to start after fixing chock-full LVM thinpool

2017-12-08 Thread Patrick
Hi Tom,

> This looks like a show-stopper bug to me.
> The system should never be able to corrupt a critical file like that due to 
> disk-full.

This problem could be averted by pulling dom0 out of tpool. Also, using "df" to 
check how full your partition is, will not necessarily say how much data you 
can still write on the partition if the disk itself is already quite full. So 
you should always use "lvs" (for example) on dom0 to check how much space is 
actually left available on tpool00 itself. The documentation about low disk 
space (deceptively called "Home directory is out of disk space error" and with 
an even more deceptive file name and page title "out-of-memory") on the Qubes 
website should be changed for 4.0 to reflect this.

> I reported it to the qubes devs

Thsnks a lot! :-)

Regards,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d60743d7-b7e0-4621-8353-7934ea9bb6fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] VM's fail to start after fixing chock-full LVM thinpool

2017-12-07 Thread Patrick

I found the problem! :-D My /var/lib/qubes/qubes.xml file was corrupted, so it 
could not be parsed correctly by qubesd. I restored a previous version from 
/var/lib/qubes/backup and now I am back in business! Thanks anyway for checking 
out my problem.  :-)


Best regards,
Patrick
 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/445db5b8-58de-4fa0-9148-efc6c4599c70%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  1   2   >